A major multinational IoT communication services company has suffered a major ransomware attack. British Columbia-based Sierra Wireless, known for products that span over 550 patents, announced the attack via Berkshire Hathaway’s Business Wire as the incident took down their website. According to Sierra Wireless’s press release, the ransomware infected its internal IT systems on March 20. Once the attack was discovered, the company immediately began implementing countermeasures in accordance with its cybersecurity policy. They also brought in third-party experts, and according to them, the attack has been successfully stopped.
The aftershocks of the ransomware attack can be found as described in the following press release excerpt from Sierra Wireless:
At this time, Sierra Wireless believes the impact of the attack was limited to Sierra Wireless systems, as the company maintains a clear separation between its internal IT systems and customer-facing products and services.
As a result of the ransomware attack, Sierra Wireless halted production at its manufacturing sites. The company’s website and other internal operations have also been disrupted by the attack. The company believes it will restart production at these facilities and resume normal operations soon. In the meantime, Sierra Wireless asks its customers and partners for their patience as it seeks to remediate the situation.
At the time of this article’s publishing, it is not known publicly who the attackers were or what they wanted. It is also unknown, likely due to the ongoing investigation, what strain of ransomware was responsible for the infection and how the ransomware found a point of infection. Sierra Wireless is staying tight-lipped outside of the press release when it comes to media inquiries. It appears this ransomware attack will exact a significant monetary toll on Sierra Wireless’s bottom line. As part of the press release, Sierra said, “Due to these disruptions, Sierra Wireless is at this time withdrawing the First Quarter 2021 guidance it provided on February 23, 2021.” When Threatpost’s Lindsey O’Donnell contacted the company for further comment for her report on the ransomware incident, Sierra Wireless declined to elaborate beyond what was already shared.
Updates on this story will be shared if and when they are available.
Featured image: Flickr / Josh Hallett