In the night from 10 to 11 November 2021, KISTERS Group became a victim of a cyber attack. Despite our strong security system, the attackers gained access to our network via an orchestrated ransomware attack. In the meantime, we have returned to normal operations in almost all areas.
Archive Update Messages
Thanks to the enormous efforts of our colleagues in the past weeks, we have meanwhile returned to normal operations in almost all areas. That means:
- Our customers' KISTERScloud systems are back in operation.
- Support is fully available and operational again.
- Most of our internal processes have been restored.
- The check of the software source code is almost complete.
- All KISTERS business units now have their own website areas again, which will be further expanded in the near future. [Overview business units]
Consequently, we will stop the closely timed updates at this point. From now on you will find all news under [News]. The complete information on the cyber attack is available here.
Please understand that there are still some areas and systems that are not yet working as usual.
Thank you very much for your trust over the last few weeks.
Things are moving forward on our websites:
- The website of our subsidiary KISTERS North America is completely online again. There you will find information and solutions for the water industry and the energy industry, amongst others: [Website KISTERS North America]
- Our business unit Viewer is also back online with its 3DViewStation: [Website KISTERS 3DViewStation]
- The Energy Division now has a more comprehensive German website again with information for the market roles, our solutions and offers as well as news: [Website KISTERS Energy (German)]
Our colleagues from Support and Sales in the Business Unit Energy can be reached again via the familiar e-mail addresses.
Therefore, please stop using the temporarily created GMX address now. Thank you very much!
Our colleagues continue to work at full speed to restore normal operations for our customers and internally.
From now on, updates on the current situation will only be provided here when we have relevant new information to share with you.
As part of the rebuilding of the KISTERS infrastructure, we have outsourced our email servers (MS Exchange) to the Microsoft Azure Cloud. The decisive factor for this was, on the one hand, our goal to be reachable by email again as quickly as possible and, on the other hand, a technical decoupling of the email servers from our internal infrastructure. At the same time, we are also taking into account the special threat situation currently identified by the BSI and the BKA.
[Press release BSI - German only]
The rebuilding of the internal infrastructure continues to make progress.
We are currently working to restore the websites of our individual business units.
Press release: In the night of 11 November 2021, the IT company KISTERS was the victim of a cyber attack. The criminal attackers secured access to the company's data through an orchestrated ransomware attack, encrypted it and threatened to publish the captured data. The corresponding ultimatum has expired.
[Full press release]
The reloading of the cloud systems is making progress.
From now on, we will communicate customer-specific updates to the cloud systems directly to customers only.
In addition, further colleagues are successively gaining access to their email inboxes and the company network.
Since Wednesday, the cloud solutions have been reloaded. This takes several hours per system. Yesterday, the multi-stage virus checks of the customer systems were started, which currently take up to 24 hours per customer system. So far, no abnormalities have been detected in customer systems. Starting this weekend, the first systems will be activated in a strongly secured environment in our computer centre. These systems will then be checked by our technical colleagues/consultants and will then go into the release process. Even though this is still a very lengthy and time-consuming process, we consider it necessary to ensure IT security.
In addition, the first colleagues in Aachen, Oldenburg and Vienna received their newly installed computers today. Other employees and locations will follow successively.
The KISTERS telephony systems have been rebuilt and are now gradually being put back into operation. Our colleagues in individual locations (such as Aachen and Oldenburg in Germany) can already be reached again as usual. Other locations will follow. [Contact details]
E-mails to colleagues' personal KISTERS addresses have been back in their mailboxes since 14 November 2021 and will not be lost (e-mails to KISTERS collective addresses since 20 November). However, for security reasons, colleagues do not have internal access to their mailboxes yet. We will inform you here as soon as this changes.
The setup of the new IT infrastructure has been completed to such an extent that the restore from the secure backup was started today. The check will then start step by step tomorrow.
In order to guarantee the security of our customers, we are completely rebuilding our systems. The work on this is currently in full swing. Data that we can use from the backup will be carefully checked in advance to ensure integrity and consistency as far as possible.
For our cloud customers, we will start restoring the systems tomorrow (Wednesday), and from Thursday onwards, these systems will be checked immediately and monitored for any anomalies.
After that, the release will take place step by step in the following days and weeks. Your KISTERS contact person will then get in touch with you.
Parallel to this, the forensic analyses will continue.
According to the forensic analyses carried out so far, there are currently no indications that our delivered software products have been compromised.
Cyber attack on KISTERS AG
In the night from 10 to 11 November 2021, the IT company KISTERS AG (Aachen/Germany) became a victim of a cyber attack. According to current knowledge, the attackers gained access to the computer network of the software provider for sustainable resource management systems via an orchestrated ransomware attack despite a strong security system.