Scottish engineering giant Weir Group suffers ransomware attack 

Scottish engineering giant Weir Group has said there is no evidence that its data has been exfiltrated or encrypted following a cyber attack last month.

The multinational revealed it suffered a ransomware incident in September but moved to reassure markets insisting that disruption has been minimised by a quick and effective response to the incident.

However divisional revenues were impacted by the cybersecurity incident towards the end of September, the firm, the firm said in a third quarter results statement.

Jon Stanton, chief executive, said: “We responded quickly and comprehensively to what was a sophisticated external attack on our business. The robust action to protect our infrastructure and data has led to significant temporary disruption but our teams have responded magnificently to this challenge and have managed to minimise the impact on our customers. We will continue to focus on the safe restoration of all our systems whilst strengthening our future resilience even further. 

“More broadly, the continued strong demand across our markets in Q3, particularly for our more sustainable solutions, reinforces our view that Weir is ideally placed to benefit from a multi-decade growth opportunity, as the mining industry invests in expanding capacity while reducing its environmental impact. 

“We remain on track to deliver our recently announced three-year performance goals that will see us increase revenues, expand margins and significantly reduce our environmental footprint.” 

In the trading statement the firm revealed the cyber incident had:

• No impact on Q3 orders; All facilities are operational with customer impact being mitigated 
• Business continuity plans and cyber counter-measures working well 
• Q3 profitability impacted with revenue deferrals on shipment delays and under-recoveries 
• Capabilities being progressively restored but operational inefficiencies expected into Q4  
• Group liaising with regulators and relevant intelligence services 

Weir’s cybersecurity systems and controls were said to have ‘responded quickly to the threat and took robust action’. This included isolating and shutting down IT systems including core enterprise resource planning (ERP) and engineering applications. Those applications are now restored on a partial basis, and other applications are being brought back online in what the company described as a ‘progressive manner in order of business priority’.  

The firm said: “The above actions have led to a number of ongoing but temporary disruptions including engineering, manufacturing and shipment re-phasing, which has resulted in revenue deferrals and overhead under-recoveries. Effective capabilities are being progressively restored in the coming weeks but the consequences of the operational disruption and associated inefficiencies are expected to continue into the fourth quarter.  

“Our forensic investigation of the incident is continuing and so far, there is no evidence that any personal or other sensitive data has been exfiltrated or encrypted. We are continuing to liaise with regulators and relevant intelligence services.  Weir confirms that neither it, nor anyone associated with Weir, have been in contact with the persons responsible for the cyber-attack.”

Furthermore the company said there has been no negative impact on orders in Q3 and it continues to deliver full year order growth in line with expectations, resulting in a strong order book for 2022.