Experts On EDP Energy Giant Confirms Ragnar Locker Ransomware Attack

EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation’s systems, the Portuguese multinational energy giant Energias de Portugal (EDP).

Experts Comments

July 07, 2020
Kristen Poulos
VP & General Manager of Industrial Cybersecurity
Tripwire
Ransomware attacks are particularly concerning for companies with both heavy IT and OT footprints. In the case of EDP Renewables, it appears the attack was contained to their Enterprise systems and mainly confidential information regarding things like billing and contracts was targeted. Though that's a significant challenge in and of itself, if such attacks were to permeate into the OT space (due to improper segmentation between IT and OT), they could infect systems critical to energy output,.....Read More
Ransomware attacks are particularly concerning for companies with both heavy IT and OT footprints. In the case of EDP Renewables, it appears the attack was contained to their Enterprise systems and mainly confidential information regarding things like billing and contracts was targeted. Though that's a significant challenge in and of itself, if such attacks were to permeate into the OT space (due to improper segmentation between IT and OT), they could infect systems critical to energy output, like HMIs and engineering workstations. Luckily, this did not appear to be the case this time.  Read Less
July 07, 2020
Jamie Akhtar
CEO and Co-founder
CyberSmart
We are seeing a lot of breaches recently coming through weak links in the supply chain or under corporate umbrellas. It's important to be aware of the knock-on effects of poor cyber security. Companies do not exist on their own. They are part of a network of suppliers, customers, and individual employees. When one organisation, even a small one, fails to take their security seriously it can have implications far beyond their own operations. Basic cyber hygiene like keeping software up to date.....Read More
We are seeing a lot of breaches recently coming through weak links in the supply chain or under corporate umbrellas. It's important to be aware of the knock-on effects of poor cyber security. Companies do not exist on their own. They are part of a network of suppliers, customers, and individual employees. When one organisation, even a small one, fails to take their security seriously it can have implications far beyond their own operations. Basic cyber hygiene like keeping software up to date and having secure passwords can go a long way in preventing the majority of breaches like this. Large corporates would do well to require their smaller companies and suppliers to adhere to cyber security guidelines like those set out in the Cyber Essentials scheme.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.