An Eastern European group was responsible for the attack, using a ransomware called BlackMatter, which is based on a ransomware-as-a-Service (RaaS) model.
As there had already been an attack on Colonial Pipeline in the U.S. with a predecessor program, U.S. authorities were alerted and were able to support the German police in the investigation. According to media reports, the cybercrime group has since disbanded, not least because many of its members have apparently been arrested.
As soon as the attack became known, charges were filed, Eberspaecher called in the police.
“We were lucky that the local police chief takes cybercrime very seriously and that the authorities are well positioned,” said Peters.
Two years earlier, Pilz, a medium-sized German automation specialist from Ostfildern near Stuttgart, had also fallen victim to a hacker attack.
The police had significantly upgraded their capabilities following that attack, Peters said. “They were really very well networked,” he added.
For Eberspaecher, the first priority was to secure production in the 50 plants and to continue serving customers.
The company works with almost all major vehicle manufacturers, both in the passenger car and commercial vehicle sectors.
Employees worked almost around the clock in the first few weeks to keep the assembly lines running, replacing processes with analog workarounds. “That welded us together as a workforce and was a great experience,” Peters said.
He said none of Eberspaecher’s customers had to stop production because of a lack of parts.
After a painstaking audit, the IT infrastructure was gradually put back into operation over a period of weeks and months.
A forensics team also checked which areas of the network were affected and cleaned up the data. In the process, parts of the network and structure were rebuilt in parallel and made even more secure.
Peters said that while IT systems have been now been further optimized, from his perspective, there is no “absolute security” against such attacks.
“When you see how much we as a company invest in data-driven processes and business models, it can make you a little anxious,” he said.