Wisag

WISAG, also known as Wisag, is a Germany-based company operating in the facility management and industrial services sectors, with a specific division providing ground handling services, particularly within the aviation industry. The organization's operational scale is evidenced by its workforce of approximately 55,000 employees, a figure noted in relation to payroll processing disruptions during a prior cyber incident. Its service portfolio encompasses a broad range of support functions for industrial and commercial clients, including specialized ground handling at airports, positioning it as a significant player in European infrastructure and logistics support services. The company's headquarters are located in Germany, and its business activities are noted as continuing even during severe IT system outages, indicating a reliance on physical and operational continuity plans.

The company's public profile is notably shaped by its documented experience with repeated cyberattacks and its stated response strategies. In early 2022, WISAG suffered a cyberattack that prompted a complete IT system shutdown; the organization activated contingency plans to maintain core functions without major operational disruption, refused to engage in ransom negotiations, and involved law enforcement, publicly affirming a policy of not paying criminals. Approximately one year later, in February 2023, the company experienced a second attack, leading to another immediate IT systems shutdown and rendering its corporate website and email inaccessible. Following the initial 2022 breach, WISAG reported investing in cybersecurity improvements. In both incidents, the company communicated promptly on system restoration efforts and, at the time of reporting, asserted no evidence of customer or internal data exfiltration, though investigations into the scope and origins of the attacks, including potential data theft, were noted as ongoing by authorities. These events highlight a pattern of targeted disruption and a corporate stance focused on operational resilience, forensic investigation, and law enforcement collaboration rather than ransom payment.