US energy contractor ENGlobal reveals ransomware attack
The federal supplier said access to its IT systems was limited as it works to recover
US energy contractor ENGlobal has confirmed it’s been hit by a ransomware attack that disrupted operations.
The company provides engineering and automation services for energy companies and the US federal government, including the Department of Defense, NASA, and the Department of Energy.
ENGlobal revealed the incident, which was discovered on November 25, in an 8-K filing with the Securities and Exchange Commission (SEC) this week.
"The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (IT) system and encrypted some of its data files," it wrote.
"Upon detecting the unauthorized access, the Company immediately took steps to contain, assess and remediate the cybersecurity incident, including beginning an internal investigation, engaging external cybersecurity specialists, and restricting access to its IT system."
As a result of this, access to the company’s IT system was limited to essential business operations.
"The timing of restoration of full access to the Company’s IT system remains unclear as of the date of this filing," it said.
ENGlobal hasn't revealed whether any data was stolen, and no ransomware group appears to have claimed responsibility for the attack thus far.
Chris Grove, director of cybersecurity strategy at Nozomi Networks, said the incident once again highlights the significant threats faced by critical infrastructure operators.
"Nation-state threat actors are actively penetrating critical infrastructure and lurk in the systems, undetected, lying in wait," Grove said.
"A company such as this victim, that services so many critical parts of society, has the potential to be a launching point for these types of offensive cyber operations. Had other threat actors been involved instead of profiteers seeking ransom, the outcome could have been a major catastrophe."
According to recent research from Kaspersky, two-thirds of energy, oil and gas, and utilities organizations were hit by ransomware in 2024, the same figure as in 2023.
Virtually all said that cyber criminals attempted to compromise their backups during the attack, with four-in-five of these attempts being successful.
The mean cost of recovery was $3.12 million, according to Kaspersky, much the same as the figure for 2023.
Last month, energy management firm Schneider Electric was hit by an attack from the Hellcat ransomware group, which claimed to have accessed more than 40GB of data and compromised critical data including projects, issues, and plugins.
The group demanded a $125,000 ransom in return for not disclosing the data.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.