Cyber Incident Victim: Aebi Schmidt

On April 23, 2019, Switzerland-based manufacturing conglomerate Aebi Schmidt experienced a ransomware attack that disrupted operations across its international network, including U.S. subsidiaries acquired through recent expansions. The attack began on April 22, paralyzing systems essential for manufacturing operations and rendering the company’s email systems inaccessible. A source familiar with the incident reported widespread system failures, with the most significant impact occurring at the company’s European base. Employees were sent home in some regions, with certain staff forced to take unpaid leave due to the operational halt. Spokesperson Thomas Schiess initially acknowledged "e-mail system troubles" and limited availability of other systems via a Facebook message but declined to confirm ransomware as the cause. By April 24, Schiess stated that operational systems—including SAP business and sales platforms—were functional and production had resumed, though the Windows network remained compromised by a virus.

Technicians prioritized restoring the Windows environment, a process Schiess indicated would require extended time, while other systems were proactively shut down as a precautionary measure. During an all-hands meeting on April 24, employees were informed the incident was a ransomware attack, contradicting the company’s public avoidance of the term. The attack specifically crippled infrastructure supporting manufacturing workflows, though the exact ransomware variant remained unidentified. Recovery efforts focused on isolating infected systems and restoring critical operations, with no disclosure of whether data was exfiltrated or a ransom demanded. The incident highlighted vulnerabilities in Aebi Schmidt’s network architecture following its rapid U.S. expansion through acquisitions like M-B Companies, Meyer Products, and Swenson Products, though no direct link between these acquisitions and the attack was confirmed.