DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cyber ​​attack on Kisters AG by orchestrated ransomware attack

Posted on December 2, 2021 by Dissent

On November 10-11, Kisters AG in Germany was hit by a ransomware attack. Because the firm is a critical infrastructure supplier for energy systems and with the potential for downstream compromise, this one has raised significant concerns.  The following are some translated snippets from energie.blog, which has been providing updates on the attack:

Update: 11/21/2021:
“According to the previous forensic analyzes, there are currently no indications that the software products we have delivered have been compromised.”

Update: 11/23/2021:
“To ensure the security of our customers, we are completely redesigning our systems. Work on this is currently in full swing. Data that we can use from the backup is carefully checked in advance to ensure its integrity and consistency as far as possible. For our cloud customers, we will start restoring the systems tomorrow (Wednesday), from Thursday these systems will be checked immediately and monitored for abnormalities. After that, the approval will take place step by step in the following days and weeks. Your KISTERS contact person: in will then get in touch with you. In parallel, the forensic analyzes will continue. ”

Update: 11/30/2021 (from press release):
The responsible data protection authorities have already been informed. Since KISTERS will not engage in such attempts at extortion, the publication of the captured data is to be expected. As soon as information is available as to whether customer data is affected, KISTERS will seek immediate direct contact with those affected. At the same time, the IT company continues to work closely with the security authorities, who will systematically prosecute any publication of data by the hackers as a criminal offense.

Update: 12/02/2021
According to a report by DarkFeed.io, Conti threat actors add Kisters.de to their leak site, and publish what they claim is 5% of exfiltrated data.

Screencap of Kisters Listing
Image: DarkFeed.io

When checked this morning, prior to publication, the listing could not be found. Because Kisters had indicated that they had no intention of paying, the removal of the listing could mean of one several things, but rather than speculating, DataBreaches.net will just continue to monitor the leak site to see if it reappears.

Category: Business SectorMalwareNon-U.S.

Post navigation

← Double Extortion Ransomware Victims Soar 935%
Two Georgia men sentenced for using Dark Web to steal identities of elderly victims →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.