Cyber Incident Victim: Nuaire
Date:
Apr 2022
Location:
United Kingdom
Summary
Nuaire, a ventilation manufacturer, experienced a ransomware cyber attack causing temporary operational disruptions including halted production, sales delays, and communication system outages. The incident necessitated system restoration efforts and resulted in significant financial costs. Parent company Genuit Group reported recovering most lost sales later in the year while implementing enhanced cybersecurity measures to prevent future breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In April 2022, Nuaire, a ventilation manufacturing subsidiary of Genuit Group plc based in Caerphilly, Wales, experienced a cyber attack that disrupted operations at its production facility. The incident occurred during Q2 2022, with systems compromised by at least late March or early April, as evidenced by sustained email and phone system outages reported by customers from late March onward. Attackers deployed ransomware, encrypting systems and demanding payment, though Genuit’s financial disclosures later characterized the attack as an "unsuccessful attempt." The intrusion caused immediate manufacturing disruptions at Nuaire’s south Wales plant, halting production lines and order fulfillment for several weeks. Parent company Genuit Group quantified the operational impact at over £4 million in lost sales during April-May 2022, with additional £1.2 million in direct incident response costs categorized as non-underlying expenses.
Nuaire’s IT team initiated containment measures by isolating affected systems, while Genuit Group’s corporate security personnel engaged external cybersecurity consultants for forensic analysis. Employees were instructed not to use compromised communication channels, with some staff directed to temporarily work remotely or remain idle during system restoration. Customer service operations shifted to manual processes as phone and email systems remained inoperative for multiple days. Genuit’s leadership publicly acknowledged the incident only as a "technical issue" in initial communications, later confirming the cyber attack nature after media inquiries. The company restored critical manufacturing systems by late May 2022, enabling partial production resumption, and recovered most lost sales through accelerated output in H2 2022. Post-incident investigations revealed no evidence of data exfiltration, though Genuit implemented enhanced network monitoring and upgraded endpoint protections across all subsidiaries. The attack exposed vulnerabilities in Nuaire’s legacy industrial control systems, which lacked segmentation from corporate IT networks, prompting Genuit to allocate additional capital expenditure for cybersecurity infrastructure modernization throughout 2022-2023.