Cyber Incident Victim: Pilz

Date: Oct 2019

Location: Germany

Summary

A major German automation tools manufacturer suffered a global ransomware infection that forced the company to disconnect all servers, workstations, and communication systems across its operations in 76 countries. The incident severely disrupted email services for several days, delayed restoration of order and delivery systems, and hampered production due to an inability to process customer orders. The BitPaymer ransomware strain, distributed via the Dridex botnet and known for targeting high-value organizations, caused widespread operational paralysis, requiring extensive network isolation measures. While production machinery remained unaffected, business functions were significantly impaired by communication breakdowns and order management failures during the outage.

Description

On October 13, 2019, Pilz, a Germany-based global manufacturer of automation tools, experienced a widespread ransomware infection that disrupted operations across all 76 countries where it maintained facilities. The attack compromised all company servers, PC workstations, and communication systems, forcing an immediate precautionary shutdown of all computer systems and disconnection from corporate networks. This global network isolation prevented international locations from filing new orders, checking customer statuses, or accessing production coordination systems. While physical production lines remained operational, the inability to verify orders and delivery requirements significantly hampered manufacturing efficiency, causing slowdowns throughout the production chain. The company publicly confirmed the incident via its website and acknowledged the complete scope of the disruption, but did not disclose initial detection methods or intrusion vectors.

Recovery efforts proceeded incrementally over the following week. Pilz restored internal email services after three days but required an additional three days to extend email functionality to international offices. Full restoration of product ordering and delivery systems was achieved only on October 21, 2019—eight days post-incident. Cybersecurity researchers identified BitPaymer ransomware as the primary malware involved, noting its historical association with high-value targets through the Dridex botnet distribution channel. The incident caused prolonged operational paralysis across Pilz's global supply chain and customer service operations, with residual effects on order fulfillment persisting after partial system restoration. The company maintained production continuity through manual workarounds despite significant efficiency losses stemming from disconnected digital systems.
