PSI Software fell victim to ransomware on Feb. 15, 2024 – customers probably not at risk

Cyber incident at the Berlin-based German software company PSI Software. It was already known that the company had been the victim of a cyberattack on February 15, 2024 – I had reported on the suspicion and confirmation came later. Now the company has provided some more information. Internally, ransomware has probably done its work on the systems. The suspicion that customer systems (especially in the sector of critical infrastructures) were affected has not yet been confirmed.



Review of the cyber incident

I reported on February 16, 2024 in the German blog post PSI Software Opfer eines Cyberangriffs (15. Feb. 2024) about the suspected cyberattack on Berlin-based PSI Software. The website was already completely offline as of February 15, 2024, and there were reports that most of the software company's IT services were down. In addition, an anonymous source told me that several business partners had confirmed a cyber incident at the company.

During my research, I then came across an ad hoc announcement from PSI Software confirming a cyberattack on PSI's IT systems on February 15, 2024. As an immediate response, the systems had been proactively disconnected from the internet to prevent data breaches and data corruption. At the same time, an analysis of the IT systems was started to determine the extent of the impact.

Why the attack matters

PSI Software SE is a listed German software company based in Berlin, which employed 2,223 people in 2021 and generated sales of 248.4 million euros. That in itself is not unusual, but PSI Software develops and integrates software for energy suppliers, industrial companies and infrastructure operators. PSI sees itself as the European market leader in energy control systems for electricity, gas, heat, oil and water.

In plain language: PSI Software works for many companies in the critical infrastructure sector. I heard from a source that there are many remote connections from PSI Software's systems to the systems of KRITIS customers, so that PSI employees can maintain the systems there. PSI Software is also said to maintain the firewalls of many customers. If the attackers managed to gain access to the associated credentials, this would be a disaster, as it would then also be possible to access customer systems.

In my blog post PSI Software Opfer eines Cyberangriffs (15. Feb. 2024), I gave some indications of systems that may have been used for the hack – but this is unconfirmed. A source had already told me at the weekend that no customer had been compromised. The accesses in question had probably been disconnected in good time.



Ransomware attack confirmed

As of February 19, 2024, PSI Software has published an initial announcement about the incident on the company website. It confirms that the company's internal IT infrastructure has been affected by a ransomware attack. The company states that unusual activity was detected in the internal network on the night of February 15, 2024. As a result, all external connections and systems were successively shut down that night. PSI's mail system was also shut down at that time, so that no mails have been sent from PSI systems since then.

The company is currently analyzing the exact vector of the attack. In the notification, however, the provider already writes that there are currently no indications that PSI systems at customers have been compromised. In particular, according to the current state of knowledge, the remote access used for the maintenance of customer systems was not accessed. This statement confirms the information provided by my source at the weekend – although I am leaving this fact open. This is because it is not yet known when the attackers first gained access and how the remote accesses for the maintenance of customer systems were secured. It is possible that these were carried out via systems that were not affected – due to a lack of details, it is not possible to make a definitive statement.

The company states that it has been in contact with the responsible authorities and selected experts recommended by the Federal Office for Information Security since February 16, 2024. The company's own experts are working at full speed to minimize the scope and impact of the incident. PSI Software SE is doing everything in its power to make the affected systems available again as quickly as possible. It remains to be seen whether further information will become available in the coming days.


