A Denmark-based global facility-management company was hit with a major cyber attack this week that shut down its worldwide computer systems for a few days and disrupted operations across its global network of employees.
ISS World cut off access to shared IT services across its customer sites and offices worldwide after it was the target of a malware attack on Monday, Feb. 17, the company said in a press statement.
“The root cause has been identified and we are working with forensic experts, our hosting provider and a special external task force to gradually restore our IT systems,” the company said.ISS was able to restore some systems early into the attack and said it initially did not see any evidence of the compromise of customer data. Still, the attack left the 43,000 employees of the company without access to email or other online services, according to reports.
ISS—based Soburg, Denmark–provides turnkey facility-management services, such as cleaning, catering and security, to clients in more than 70 countries. Its global network of employees generally works not in offices but at client facilities to ensure day-to-day operations run efficiently.
While ISS World is not officially sharing details of the attack, some reports suggest the attackers used ransomware, noting the immediate cut off of online services as a typical indicator of a cyber extortion scheme. Threat actors in these type of attacks often hijack company computer systems until the targeted firm pays a ransom. However, the specifics of the attack are still unknown and ISS will only say it is investigating.
The attack is reminiscent of two other ransomware attacks that happened around the same time that crippled the computer systems of companies that provide key infrastructure or services, creating a ripple effect that hamstrung global operations.
One reported this week happened at a natural gas compression facility in the U.S., resulting in a two-day pipeline shutdown as the unnamed victim worked to bring systems back online from backups.
The other, which occurred Feb. 14, is being reported as a ransomware infection at INA Group, Croatia’s biggest oil company and its largest petrol supply station chain. The attack infected and then encrypted some of the company’s back-end servers, according to a published report.
By Friday morning European time, ISS World’s websites were working as usual again, but it’s not clear if the company has restored email and other online systems to full working order. A link to the company’s statement about the attack on the website home page did not offer any new information.
Ducklin urged ISS World customers not to “jump down the throat” of ISS officials and instead to exercise patience and give the company time “to find out as much as it can, with as much forensic precision as possible, before expecting it to reveal what it knows,” he wrote.