Breaking News: Cyber criminals attacked twice the Saurer textile machinery producer

The demanded ransom of USD 500000, but Saurer did not comply. Now the hackers released important data in the dark net.  

By guest author Lukas Mäder from Neue Zürcher Zeitung. Translation Virginia F. Bodmer-Altura

On August 1, 2021 the cyber criminals attacked the company for the first time. They encrypted the IT of the Swiss Saurer in Arbon, but situated in the data centers in Germany. A part of the Systems falls out, another part was separated from the network for security reasons. For several days the system provoked failures, until completion of the system recovery, this was confirmed to the Neue Zürcher Zeitung (NZZ).

The attackers demand a ransom of USD 500000, the request was denied by Saurer according to inside information. Sauerer was able to recover the computer systems itself and informed the German authorities and informs the personnel of the security incident.

But the analysis of the cyber attack was probably not comprehensive enough: On August 26, 2021 “the attack continued in a second wave” confirms Saurer. The criminals were possibly aware of a back door to the systems, however until the end of August there were no larger interruptions within the systems.

Attackers published sensitive data

Up to that date, Saurer voiced the opinion that the attacker were not able to steel sensitive data. But this supposition was evidently wrong, because a ransomware group with the name Karma published in the dark on September 2, 2021 thousands of sensitive data, stolen at the beginning of August before the data encryption.

Among the 12 Gigabyte data there are voluminous financial documents, contracts, invoices and salary documents of Saurer. This is the result of detailed data list the NZZ was able to look into. Due to the designations of this data, it is to be assumed that the published information represents only a small part of the stolen data.

Criminal gang Karma is not yet well known

The ransomware group Karma seems to be a rather new organisation of cyber criminals that came to light around three month ago under this name. Only recently, end of August 2021 a first IT security firm published a first technical analysis of the malware by Karma.

Saurer is among the first two victimes the exortionate published data in the internet. Also the Swiss nationale centre for cyber security in Bern was not aware of the Ransomware group Karma and did not register claims by victims.

During the recent months there were several ransomware groups with new names evident. The reason could be that criminal gangs such as Revil or Darkside with eye catching attacks drew attention, have submerged. However, it is not always clear if the new grouping is just a new name for the past organisation, now operating under a new name.

Insert by TextileFuture:

The Saurer Group, founded in 1853, is a leading, globally active technology company with a focus on machines and components for yarn production. As a company with a long heritage, textile machinery, automobiles and engines have been all important parts of the company’s portfolio during the historical development of Saurer. Saurer has always been an innovation leader. Today, Saurer consists of two segments: Spinning Solutions, which offers high-quality, technologically advanced and customer-specific automated solutions for staple fibre processing from bale to yarn, and Saurer Technologies, which specialises in twisting and embroidery solutions as well as engineering and polymer solutions. With around 4 700 employees, the Saurer Group, with locations in Switzerland, Germany, Turkey, Brazil, Mexico, the USA, China, India, Uzbekistan, and Singapore, is well equipped to serve the world’s textile centres. Saurer is listed on the Shanghai Stock Exchange (WKN: 600545).

This feature was published on September 2, 2021 by the Neue Zürcher Zeitung, Zurich, Switzerland