{
	"id": "3ce514b3-2da5-45b7-90e4-af3d82c914a3",
	"created_at": "2026-04-06T00:17:54.545125Z",
	"updated_at": "2026-04-10T13:12:32.269597Z",
	"deleted_at": null,
	"sha1_hash": "45ccb349fa435b093b58c36613b6a683bd90049f",
	"title": "German wind farm operator confirms cybersecurity incident",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 72570,
	"plain_text": "German wind farm operator confirms cybersecurity incident\r\nBy Jonathan Greig\r\nPublished: 2023-01-12 · Archived: 2026-04-05 23:11:03 UTC\r\nGerman wind farm operator Deutsche Windtechnik confirmed that it was hit with a cyberattack earlier this month,\r\nbecoming the latest in a string of German energy providers to face disruptions from a cybersecurity incident.\r\nIn a statement, the company said its IT systems were targeted by a cyberattack on the night between April 11 and\r\n12. \r\n“As we previously reported, we were able to reactivate the remote data monitoring connections to the wind\r\nturbines after 1-2 days, which had been switched off for security reasons,” the company explained.  \r\n“We are very happy that the wind turbines that we look after did not suffer any damage and were never in danger.\r\nDeutsche Windtechnik's operational maintenance activities for our clients resumed again on April 14 and are\r\nrunning with only minor restrictions.”\r\nThe company’s IT team was able to isolate the problems and the company noted that its forensic analysis showed\r\nit was a “targeted professional cyberattack.”\r\nIt is still working to restore the availability of all communication channels and noted that the incident was reported\r\nto the German Federal Office for Information Security (BSI).\r\nThe company did not respond to questions about whether it was hit with a ransomware attack, but it showed up on\r\nthe leak site of the Black Basta ransomware gang according to MalwareHunterTeam, an account on Twitter\r\ntracking ransomware groups.\r\nNot seen it mentioned by anyone yet, so: Deutsche Windtechnik is also on Black Basta ransomware\r\ngang's leak site. Leak is at 100% published stage already.\r\nActually, not really got surprised to see this company on their leak site... pic.twitter.com/eH6keCpSWb\r\n— MalwareHunterTeam (@malwrhunterteam) April 26, 2022\r\nThere have been several attacks on German energy providers this year. German wind turbine maker Nordex was\r\nforced to shut down its IT systems across multiple locations and business units after it was hit with a cyberattack\r\non March 31.\r\nThe attack on Nordex followed an incident where a cyberattack on satellite communications company Viasat\r\ncaused the malfunction of 5,800 Enercon wind turbines in Germany.\r\nWind turbine maker Vestas was hit with a ransomware attack in November, and the group behind the attack\r\neventually threatened to leak the data it stole. Like Nordex, the company had to shut down its IT systems across\r\nmultiple business units and locations to stop the issue from spreading.\r\nhttps://therecord.media/german-wind-farm-operator-confirms-cybersecurity-incident-after-ransomware-group/\r\nPage 1 of 2\n\nOil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard \u0026 Bahls\r\nGroup, suffered a cyberattack that crippled their loading and unloading systems in February.\r\nAn internal report from the BSI said the BlackCat ransomware group was behind the cyberattack on the oil\r\ncompanies. \r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/german-wind-farm-operator-confirms-cybersecurity-incident-after-ransomware-group/\r\nhttps://therecord.media/german-wind-farm-operator-confirms-cybersecurity-incident-after-ransomware-group/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/german-wind-farm-operator-confirms-cybersecurity-incident-after-ransomware-group/"
	],
	"report_names": [
		"german-wind-farm-operator-confirms-cybersecurity-incident-after-ransomware-group"
	],
	"threat_actors": [],
	"ts_created_at": 1775434674,
	"ts_updated_at": 1775826752,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/45ccb349fa435b093b58c36613b6a683bd90049f.pdf",
		"text": "https://archive.orkl.eu/45ccb349fa435b093b58c36613b6a683bd90049f.txt",
		"img": "https://archive.orkl.eu/45ccb349fa435b093b58c36613b6a683bd90049f.jpg"
	}
}