At this point we will give you updates on our current situation:
Our colleagues continue to work at full speed to restore normal operations for our customers and internally.
From now on, updates on the current situation will only be provided here when we have relevant new information to share with you.
As part of the rebuilding of the KISTERS infrastructure, we have outsourced our email servers (MS Exchange) to the Microsoft Azure Cloud. The decisive factor for this was, on the one hand, our goal to be reachable by email again as quickly as possible and, on the other hand, a technical decoupling of the email servers from our internal infrastructure. At the same time, we are also taking into account the special threat situation currently identified by the BSI and the BKA.
[Press release BSI - german only]
The rebuilding of the internal infrastructure continues to make progress.
We are currently working to restore the websites of our individual business units.
Press release: In the night of 11 November 2021, the IT company KISTERS was the victim of a cyber attack. The criminal attackers secured access to the company's data through an orchestrated ransomware attack, encrypted it and threatened to publish the captured data. The corresponding ultimatum has expired.
[Full press release]
The reloading of the cloud systems is making progress.
From now on, we will communicate customer-specific updates to the cloud systems directly to customers only.
In addition, further colleagues are currently gaining access to their email inboxes and the company network successively.
Since Wednesday, the cloud solutions have been reloaded. This takes several hours per system. Yesterday, the multi-stage virus checks of the customer systems were started, which currently take up to 24 hours per customer system. So far, no abnormalities have been detected in customer systems. Starting this weekend, the first systems will be activated in a strongly secured environment in our computer centre. These systems will then be checked by our technical colleagues/consultants and will then go into the release process. Even though this is still a very lengthy and time-consuming process, we consider it necessary to ensure IT security.
In addition, the first colleagues in Aachen, Oldenburg and Vienna received their newly installed computers today. Other employees and locations will follow successively.
The KISTERS telephony systems have been rebuilt and are now gradually being put back into operation. Our colleagues in individual locations (such as Aachen and Oldenburg in Germany) can already be reached again as usual. Other locations will follow. [Contact details]
E-mails to colleagues' personal KISTERS addresses have been back in their mailboxes since 14 November 2021 and will not be lost (e-mails to KISTERS collective addresses since 20 November). However, for security reasons, colleagues do not have internal access to their mailboxes yet. We will inform you here as soon as this changes.
The setup of the new IT infrastructure has been completed to such an extent that the restore from the secure backup was started today. The check will then be started successively tomorrow.
In order to guarantee the security of our customers, we are completely rebuilding our systems. The work on this is currently in full swing. Data that we can use from the back-up will be carefully checked in advance to ensure integrity and consistency as far as possible.
For our cloud customers, we will start restoring the systems tomorrow (Wednesday), and from Thursday onwards, these systems will be checked immediately and monitored for any anomalies.
After that, the release will take place step by step in the following days and weeks. Your KISTERS contact person will then get in touch with you.
Parallel to this, the forensic analyses will continue.
According to the forensic analyses carried out so far, there are currently no indications that our delivered software products have been compromised.
Cyber attack on KISTERS AG
In the night from 10 to 11 November 2021, the IT company KISTERS AG (Aachen/Germany) became a victim of a cyber attack. According to current knowledge, the attackers gained access to the computer network of the software provider for sustainable resource management systems via an orchestrated ransomware attack despite a strong security system.