DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cyber ​​attack on Kisters AG by orchestrated ransomware attack

Posted on December 2, 2021 by Dissent

On November 10-11, Kisters AG in Germany was hit by a ransomware attack. Because the firm is a critical infrastructure supplier for energy systems and with the potential for downstream compromise, this one has raised significant concerns.  The following are some translated snippets from energie.blog, which has been providing updates on the attack:

Update: 11/21/2021:
“According to the previous forensic analyzes, there are currently no indications that the software products we have delivered have been compromised.”

Update: 11/23/2021:
“To ensure the security of our customers, we are completely redesigning our systems. Work on this is currently in full swing. Data that we can use from the backup is carefully checked in advance to ensure its integrity and consistency as far as possible. For our cloud customers, we will start restoring the systems tomorrow (Wednesday), from Thursday these systems will be checked immediately and monitored for abnormalities. After that, the approval will take place step by step in the following days and weeks. Your KISTERS contact person: in will then get in touch with you. In parallel, the forensic analyzes will continue. ”

Update: 11/30/2021 (from press release):
The responsible data protection authorities have already been informed. Since KISTERS will not engage in such attempts at extortion, the publication of the captured data is to be expected. As soon as information is available as to whether customer data is affected, KISTERS will seek immediate direct contact with those affected. At the same time, the IT company continues to work closely with the security authorities, who will systematically prosecute any publication of data by the hackers as a criminal offense.

Update: 12/02/2021
According to a report by DarkFeed.io, Conti threat actors add Kisters.de to their leak site, and publish what they claim is 5% of exfiltrated data.

Screencap of Kisters Listing
Image: DarkFeed.io

When checked this morning, prior to publication, the listing could not be found. Because Kisters had indicated that they had no intention of paying, the removal of the listing could mean of one several things, but rather than speculating, DataBreaches.net will just continue to monitor the leak site to see if it reappears.

No related posts.

Category: Business SectorMalwareNon-U.S.

Post navigation

← Double Extortion Ransomware Victims Soar 935%
Two Georgia men sentenced for using Dark Web to steal identities of elderly victims →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.