kelvinsecurity attacks PTC industries
Incident Date:
May 6, 2022
Overview
Title
kelvinsecurity attacks PTC industries
Victim
PTC industries
Attacker
Kelvinsecurity
Location
First Reported
May 6, 2022
PTC Industries Suffers Ransomware Attack
PTC Industries, a prominent manufacturer in the aerospace, LNG processing, oil and gas, marine, energy, pulp & paper, petrochemical, and other engineering sectors, has fallen victim to a ransomware attack orchestrated by the Kelvinsecurity group. The incident was disclosed on the group's dark web leak site.
As a key figure in the manufacturing domain, PTC Industries boasts a diverse portfolio that spans investment casting, titanium powder manufacture, precision CNC machining, and leading-edge technologies. The company's extensive involvement across various sectors hints at its significant operational scale and its pivotal role in promoting sustainability through the adoption of renewable energy sources.
The cyber assault on PTC Industries mirrors a growing trend of cybercriminals targeting the manufacturing sector. In 2021, this sector accounted for 65% of industrial ransomware incidents, with metal components, automotive, and plastics/technology emerging as the most affected subsectors. Notably, ransomware groups such as Conti and Lockbit 2.0, responsible for 51% of all ransomware attacks that year, have marked manufacturers as particularly vulnerable and lucrative targets.
While specific vulnerabilities exploited in the attack on PTC Industries remain undisclosed, it is widely acknowledged that many manufacturers are ill-prepared for such cyber threats. This unpreparedness is often due to limited oversight of Operational Technology (OT) systems, inadequate network perimeters, exposure of OT systems to external connectivity, and the use of shared credentials, all of which facilitate ransomware group access to systems.
To fend off ransomware attacks, it is imperative for manufacturers to enhance the security of their IT and OT systems. This entails the hardening of devices connected to PTC systems, vigilant monitoring of rail networks for unusual activities, and strategic interventions in critical network segments to avert significant disruptions or accidents.
The ransomware attack on PTC Industries underscores the escalating risk of cybercriminals targeting the manufacturing industry. As this sector progresses towards greater digitalization and interconnectivity, prioritizing cybersecurity and adopting proactive defense measures are essential to safeguarding operational continuity and data integrity.
Sources
- PTC Industries. (n.d.). Our Organisation. Retrieved April 10, 2024, from http://www.ptcil.com/.
- Manufacturing Leadership Council. (2022, February 23). Ransomware Attacks Increasingly Targeting Manufacturers. Retrieved April 10, 2024, from https://manufacturingleadershipcouncil.com/ransomware-attacks-increasingly-targeting-manufacturers-27687/.
- Dragos. (2021, October 15). Positive Train Control (PTC) Expands Cyber Attack Surface for Rail Systems. Retrieved April 10, 2024, from https://www.dragos.com/blog/positive-train-control-ptc-expands-cyber-attack-surface-for-rail-systems/.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.