Lacroix Shuts Down Facilities After Ransomware Attack

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | May 17, 2023 05:36 pm PST

According to reports, international electronics firm Lacroix thwarted a cyberattack on its French (Beaupréau), German (Willich), and Tunisian (Zriba) activity sites. The company claims it has temporarily disabled a number of its online services in order to analyze the damage caused by the attack.

Lacroix said in a statement, “Investigations are in motion to ensure that the attack has been completely contained before the systems of these sites are restarted.” A search for exfiltrated data is underway, and encryption has been implemented on some local infrastructures.

Due to the complexity of these tasks and the requirement to use backups to restore systems, all three locations will be inaccessible for the remainder of the week.

Although it is too soon to know for sure when manufacturing will resume, Lacroix hopes to be back in business by Monday, May 22.

Meanwhile, the company reported that partial activity measures had been adopted and that a site-specific strategy for management and resumption had been developed.

Lacroix went on to say that Louis Pourdieu, General Manager of the Electronics EMEA activity, is communicating with customers and suppliers about the shutdown and the requirements for reopening these plants.

In 2022, the affected locations will contribute 19% of the group’s overall revenues, so this is a substantial chunk of the business. However, Lacroix does not expect any major impact on the overall performance expected for the group in 2023 due to a “favorable calendar” this week, with only three days of work.

The three Lacroix factories being shut down serves as a clear reminder, according to Oz Alashe MBE, CEO of CybSafe, that cyber security must go beyond compliance and tick-box exercises.

Malware of any kind, including ransomware and wiperware, can be avoided. The executive outlined many steps, including practicing “basic cyber hygiene” with network partitioning, backups, frequent patching, and vulnerability assessments.

However, businesses that are serious about staying ahead of the thieves (and the competition) will emphasize secure practices, viewing security either as a fundamental principle or an ongoing procedure. People wish to contribute to the remedy.

Six months after a ransomware attack on Norwegian software provider DNV crippled around 1,000 ships, a similar incident hit Lacroix.


After a ransomware assault, Lacroix Group suspended three production sites for a week. Lacroix is a global designer and manufacturer of linked and Industrial Internet of things (IIoT) systems for automotive, aerospace, water, energy, and smart road infrastructure. On the night of May 12, the corporation identified a targeted cyberattack on its French (Beaupréau), German (Willich), and Tunisian (Zriba) electronics system production plants. The corporation shut down computer systems at these facilities and investigated to see if the attack was confined and if data was stolen. Before the attack was stopped, file-encrypting ransomware was used to encrypt local infrastructure.

“These actions and using the backups to restart should take a few days, which is why the three sites are closed for the week,” Lacroix explains. The company hopes to restart production at the three sites on May 22 using limited activity measures and site recovery plans. Lacroix expects the cyberattack to have little impact on the group’s performance this year because the three sites accounted for 19% of sales last year and the French and German sites were closed on Thursday and Friday for Ascension Day, a public holiday in both countries.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x