lockbit2 attacks pla-pumpen

Incident Date:

March 19, 2022

World map



lockbit2 attacks pla-pumpen






Kaltenkirchen, Germany

Kaltenkirchen, Germany

First Reported

March 19, 2022

PLA Pumpen und Anlagenbau GmbH: A Target for Lockbit2 Ransomware Attack

PLA Pumpen und Anlagenbau GmbH, a German company specializing in pump technology for water, wastewater, and ventilation systems, has been targeted by the ransomware group Lockbit2. The company, which has been in operation for over 25 years, offers a range of services from consulting to project development, installation, and maintenance of pumping systems.

The attack on PLA Pumpen und Anlagenbau GmbH is not the first instance of ransomware targeting water facilities. In 2021, two rural wastewater systems in Maine were hit by ransomware attacks, which did not compromise taxpayer data but could have overridden alarms or disabled critical equipment. In 2023, a water authority in Pennsylvania was targeted by a pro-Iran group, leading to the shutdown of a water pump station and the replacement of Israeli-made equipment.

The vulnerabilities of PLA Pumpen und Anlagenbau GmbH and other water facilities to ransomware attacks are not limited to their specific industry. In 2023, unpatched security flaws were discovered in water pump controllers made by ProPump and Controls, which could allow hackers to remotely take control of the devices and cause disruption or perform nefarious activities.

The Lockbit2 ransomware attack on PLA Pumpen und Anlagenbau GmbH serves as a reminder of the ongoing threat of cyberattacks on critical infrastructure, including water facilities. It is crucial for companies in the manufacturing sector, particularly those dealing with water and wastewater systems, to prioritize cybersecurity measures to protect their operations and the public they serve.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.