Three weeks after a ransomware attack struck German software developer PSI Software SE, the company is still in the process of recovering from the February 15 assault that hurt the firm’s internal infrastructure, company officials said last week.

The 2,000-employee company is a supplier of complex production and logistics processes for the energy industry.

“Following initial checks of all laptops, these and all PSI computers have been scanned for malware in a further, multi-stage and highly sensitive process since Friday, February 23, 2024,” the company said in an advisory on Thursday (March 7).

“We continue to be supported in this by a certified service provider recommended by the German Federal Office for Information Security (BSI),” the advisory said. “The scan of the laptops and PC clients is now largely complete, so we will now concentrate on examining all other computers. The laptops and computers classified as secure will gradually regain access to the restored parts of the basic infrastructure following the introduction of an extended security solution.

“We are currently working at full speed to have parts of the PSI infrastructure that were not directly affected by the malware due to special security measures checked by our IT forensics service provider and to make them available again for customer support as soon as possible. Your account manager will keep you actively informed of further progress. In other areas, we are working on the secure commissioning of the infrastructure so that our employees will soon have access to the most important basic services again. Limited operations have already been resumed in the first areas and will be expanded step by step. Our aim is to provide you, our customers, with the usual services again as quickly as possible. In the meantime, you can still reach us via the interim mail system,” the company said.

Schneider Bold

Meanwhile the company added the forensic investigation continues, but since it is a large IT environment and the number of systems to investigate is sizable, it will take more time.

“The focus is currently on the investigation and subsequent release of the IT systems so that they can be used again as quickly as possible,” the company said. “At the same time, information regarding the initial attack vector and the compromise is being collected and evaluated. We will inform you here as soon as we have new information about the incident.

On February 15, PSI Software said a cyberattack forced it to disconnect several IT systems, including email, as a measure to mitigate the risk of data loss.

At the time of the incident, the company said, “We detected unusual activity in our network during the night of February 15, 2024. As a result, all external connections and systems were successively shut down still in the night.”

ISSSource

Pin It on Pinterest

Share This