En la noche del 10 al 11 de noviembre de 2021, la empresa informática KISTERS AG (Aachen/Alemania) fue víctima de un ciberataque. A pesar de nuestro sólido sistema de seguridad, los atacantes consiguieron acceder a nuestra red mediante un ataque de ransomware orquestado. Mientras tanto, hemos vuelto a la normalidad en casi todos los ámbitos.
Archivo de mensajes de actualización
Thanks to the enormous efforts of our colleagues in the past weeks, we have meanwhile returned to normal operations in almost all areas. That means:
- Our customers' KISTERScloud systems are back in operation.
- Support is fully available and operational again.
- Most of our internal processes have been restored.
- The check of the software source codes is almost complete.
- All KISTERS business units now have their own website areas again, which will be further expanded in the near future. [Overview business units]
Consequently, we will stop the closely timed updates at this point. From now on you will find all news under [News]. The complete information on the cyber attack is available here.
Please understand that there are still some areas and systems that are not yet working as usual.
Thank you very much for your trust over the last few weeks.
Things are moving forward on our websites:
- The website of our subsidiary KISTERS North America is completely online again. There you will find information and solutions for the water industry and the energy industry, amongst others: [Website KISTERS North America]
- Our business unit Viewer is also back online with its 3DViewStation: [Website KISTERS 3DViewStation]
- The Energy Division now has a more comprehensive German website again with information for the market roles, our solutions and offers as well as news: [Website KISTERS Energy (German)]
Our colleagues continue to work at full speed to restore normal operations for our customers and internally.
From now on, updates on the current situation will only be provided here when we have relevant new information to share with you.
As part of the rebuilding of the KISTERS infrastructure, we have outsourced our email servers (MS Exchange) to the Microsoft Azure Cloud. The decisive factor for this was, on the one hand, our goal to be reachable by email again as quickly as possible and, on the other hand, a technical decoupling of the email servers from our internal infrastructure. At the same time, we are also taking into account the special threat situation currently identified by the BSI and the BKA.
[Press release BSI - german only]
La reconstrucción de la infraestructura interna sigue avanzando.
Actualmente estamos trabajando para restaurar los sitios web de nuestras unidades de negocio individuales.
Comunicados de prensa: En la noche del 11 de noviembre de 2021, la empresa informática KISTERS fue víctima de un ciberataque. Los atacantes criminales se aseguraron el acceso a los datos de la empresa mediante un ataque de ransomware orquestado, los cifraron y amenazaron con publicar los datos capturados. El ultimátum correspondiente ha expirado.
[Comunicado de prensa completo]
The reloading of the cloud systems is making progress.
From now on, we will communicate customer-specific updates to the cloud systems directly to customers only.
In addition, further colleagues are currently gaining access to their email inboxes and the company network successively.
Since Wednesday, the cloud solutions have been reloaded. This takes several hours per system. Yesterday, the multi-stage virus checks of the customer systems were started, which currently take up to 24 hours per customer system. So far, no abnormalities have been detected in customer systems. Starting this weekend, the first systems will be activated in a strongly secured environment in our computer centre. These systems will then be checked by our technical colleagues/consultants and will then go into the release process. Even though this is still a very lengthy and time-consuming process, we consider it necessary to ensure IT security.
In addition, the first colleagues in Aachen, Oldenburg and Vienna received their newly installed computers today. Other employees and locations will follow successively.
The KISTERS telephony systems have been rebuilt and are now gradually being put back into operation. Our colleagues in individual locations (such as Aachen and Oldenburg in Germany) can already be reached again as usual. Other locations will follow. [Contact details]
E-mails to colleagues' personal KISTERS addresses have been back in their mailboxes since 14 November 2021 and will not be lost (e-mails to KISTERS collective addresses since 20 November). However, for security reasons, colleagues do not have internal access to their mailboxes yet. We will inform you here as soon as this changes.
The setup of the new IT infrastructure has been completed to such an extent that the restore from the secure backup was started today. The check will then be started successively tomorrow.
In order to guarantee the security of our customers, we are completely rebuilding our systems. The work on this is currently in full swing. Data that we can use from the back-up will be carefully checked in advance to ensure integrity and consistency as far as possible.
For our cloud customers, we will start restoring the systems tomorrow (Wednesday), and from Thursday onwards, these systems will be checked immediately and monitored for any anomalies.
After that, the release will take place step by step in the following days and weeks. Your KISTERS contact person will then get in touch with you.
Parallel to this, the forensic analyses will continue.
According to the forensic analyses carried out so far, there are currently no indications that our delivered software products have been compromised.
We will be happy to talk to you and pass on information verbally. Please contact your sales representative directly by telephone or use the contact details on this website.
Ciberataque a KISTERS AG
En la noche del 10 al 11 de noviembre de 2021, fuimos víctimas de un ciberataque. Según los últimos informes, los atacantes accedieron a nuestra red informática a través de un ataque de ransomware orquestado a pesar de que contam