{
	"id": "ea8fb18d-8cb0-4744-97d9-582c3a5fa82f",
	"created_at": "2026-04-06T01:29:48.139263Z",
	"updated_at": "2026-04-10T13:12:35.614143Z",
	"deleted_at": null,
	"sha1_hash": "087e329321b75f1ee15f3fd6200acc43c770dcb2",
	"title": "Wind turbine firm Nordex hit by Conti ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2901554,
	"plain_text": "Wind turbine firm Nordex hit by Conti ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2022-04-15 · Archived: 2026-04-06 00:55:51 UTC\r\nImage: Nordex\r\nThe Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was\r\nforced to shut down IT systems and remote access to the managed turbines earlier this month.\r\nNordex is one of the largest developers and manufacturers of wind turbines globally, with more than 8,500 employees\r\nworldwide.\r\nOn April 2nd, Nordex disclosed that they had suffered a cyberattack that was detected early and that the company had shut\r\ndown its IT systems to prevent the spread of the attack.\r\n\"The intrusion was noted in an early stage and response measures initiated immediately in line with crisis management\r\nprotocols. As a precautionary measure, the company decided to shut down IT systems across multiple locations and business\r\nunits,\" explained Nordex's original press statement.\r\nhttps://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nHowever, BleepingComputer was told on March 31st that the company suffered a Conti ransomware attack which caused\r\nthe entire platform to go offline. Our source further said that Nordex did not know where the attack was coming from and\r\nwas starting their investigations.\r\nMultiple emails sent by BleepingComputer to Nordex to confirm if they suffered a ransomware attack have remained\r\nunanswered.\r\nYesterday, Nordex released an updated statement explaining that they had also disabled remote access to managed turbines\r\nto safeguard customers' assets.\r\nThey further state that their investigation shows that the attack was restricted to their own internal systems and did not\r\nspread to customers' assets.\r\n\"In close cooperation with relevant authorities, the emergency response team of internal and external IT experts has been\r\nperforming extensive investigations and forensic analysis,\" reads Nordex's update on the cyberattack.\r\n\"Preliminary results of the analysis suggest that the impact of the incident has been limited to internal IT infrastructure.\r\nThere is no indication that the incident spread to any third-party assets or otherwise beyond Nordex’ internal IT\r\ninfrastructure\"\r\nDanish wind turbine producer Vestas suffered a ransomware attack last November by the LockBit ransomware operation.\r\nConti ransomware claims attack on Nordex\r\nToday, the Conti ransomware operation claimed that they were behind the attack on Nordex.\r\nHowever, the ransomware gang has not begun leaking any data, indicating that the company may be negotiating with the\r\nthreat actors or that no data was stolen during the attack.\r\nConti ransomware claims attack on Nordex\r\nConti is an elite ransomware operation operated by a Russian hacking group known for other notorious malware infections,\r\nincluding Ryuk, TrickBot, and BazarLoader.\r\nhttps://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/\r\nPage 3 of 4\n\nConti commonly gains access to a corporate network after a device becomes infected with the BazarLoader or TrickBot\r\nmalware infections through a phishing attack.\r\nWhile spreading through a network, the threat actors will steal files and upload them back to their servers.\r\nThis data is then used as part of double-extortion attacks to pressure victims into paying a ransom.\r\nThe Conti gang recently suffered its own data breach after a Ukrainian researcher published almost 170,000 internal chat\r\nconversations between the Conti ransomware gang members and the Conti ransomware source code.\r\nDue to the cybercrime gang's ongoing activity, the US government issued an advisory on Conti ransomware attacks.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/"
	],
	"report_names": [
		"wind-turbine-firm-nordex-hit-by-conti-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775438988,
	"ts_updated_at": 1775826755,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/087e329321b75f1ee15f3fd6200acc43c770dcb2.pdf",
		"text": "https://archive.orkl.eu/087e329321b75f1ee15f3fd6200acc43c770dcb2.txt",
		"img": "https://archive.orkl.eu/087e329321b75f1ee15f3fd6200acc43c770dcb2.jpg"
	}
}