Major energy contractor reports 'limited' access to IT after ransomware locks files

American energy contractor ENGlobal disclosed that access to its IT systems remains limited following a ransomware infection in late November.

In a Monday filing with the US Securities and Exchange Commission (SEC), the company said it became aware of a cybersecurity incident on November 25 after criminals broke into its networks and locked up some of its files. 

"While the investigation and remediation efforts remain ongoing, access to the company's IT system is limited to essential business operations," according to the Form 8-K filing.

The Form 8-K filing doesn't specify how much and what type of data the crooks got their hands on, stating only that an investigation revealed they had "illegally accessed the company's IT system and encrypted some of its data files," but it's worth noting that ENGlobal has several high profile customers including the US Department of Defense and Department of Energy, as well as private companies that produce fuel and gas. 

ENGlobal provides engineering, automation, and construction services for these critical infrastructure sectors. This makes it a high value target for extortionists, both for the sensitive information it houses and also because digital crooks know that major corporations providing critical services are more likely to pay a ransom demand to keep their operations up and running and to protect their customers' data.

ENGlobal did not immediately respond to The Register's inquiries about the attack. 

• Ransomware continues to pile on costs for critical infrastructure victims
• FBI: Critical infrastructure suffers spike in ransomware attacks
• Severity of the risk facing the UK is widely underestimated, NCSC annual review warns
• Ransom gang claims attack on NHS Alder Hey Children's Hospital

Upon detecting the intruders, the company says it "immediately took steps to contain, assess and remediate the cybersecurity incident, including beginning an internal investigation, engaging external cybersecurity specialists, and restricting access to its IT system."

There's no word yet on when ENGlobal expects to restore full access to these systems, and it hasn't determined if the ransomware attack will have any material impact on its finances or hurt its operations.

ENGlobal reported $39 million in revenue last year.

This latest cybercrime comes as critical orgs across the US and the UK have come under increasing attack from online gangs.

Late last month a ransomware crew threatened to leak data stolen from one of England's top children's hospitals: Liverpool's Alder Hey Children's Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust.

In October, American Water stopped issuing bills and took its MyWater app offline while it investigated a cyberattack on its systems. The major provider supplies water to over 14 million people in the US and numerous military bases. ®