Hany AG Suffers Ransomware Attack, Operates in Construction Sector

Company Overview

Hany AG is a Swiss company that provides solutions for rein- and abwasserbewirtschaftung (clean and wastewater management) on a communal and industrial level, as well as for haustechnik and gebäudetechnik (house technology and building technology). They produce mass-customized PE-products such as pumpenschächte and schlammsammler (pump shafts and sludge collectors) from a modern production facility. The company also offers injection systems for the strengthening and sealing of the ground, making it possible to build on difficult ground conditions.

Vulnerabilities and Targeting

Ransomware attackers often target organizations with poor credential hygiene and legacy configurations, which can allow them to gain access and steal valuable data. In the case of Hany AG, the specific vulnerabilities that led to the attack are not publicly disclosed. However, it is known that ransomware attackers can exploit unpatched software, outdated hardware, and weak security practices to gain entry and deploy their malware.

Industry Impact

The construction sector has seen an increase in ransomware attacks, with criminals targeting organizations for the shock value or type of data they can exfiltrate. These attacks can cause significant disruption to operations, leading to lost productivity, revenue, and potentially damaging the reputation of the targeted company.

Mitigation Strategies

To protect against ransomware attacks, organizations should implement best practices such as multifactor authentication, endpoint detection and response, encryption, and a skilled, empowered security team. Regularly testing incident response plans, backing up data, and patching systems promptly are also crucial in preventing successful attacks.

The ransomware attack on Hany AG serves as a reminder that no company is immune to these types of cyber threats. It is essential for organizations to prioritize cybersecurity and implement robust security measures to protect against ransomware and other cyber threats.

Sources

• Hany AG Website: https://www.haeny.com/
• AG Healey Urges Businesses and Government Agencies to Take Immediate Steps to Protect Operations from Ransomware Attacks: https://www.mass.gov/news/ag-healey-urges-businesses-and-government-agencies-to-take-immediate-steps-to-protect-operations-from-ransomware-attacks
• Ransomware as a Service: Understanding the Cybercrime Gig Economy and How to Protect Yourself: https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/
• NY AG issues $450k penalty to US Radiology after unpatched bug led to ransomware attack: https://therecord.media/new-york-attorney-general-fines-radiology-firm-after-ransomware-attack