On 5th – 6th August, Zaun was subjected to a sophisticated cyber-attack on our IT Network by the LockBit Ransom group. Our own cyber security prevented the server from being encrypted. West Midlands Regional Cyber Crime Unit are aware of the attack. We have been able to continue work as normal with no interruptions to service.
In an otherwise up-to-date network, the breach occurred through a rogue Windows 7 PC that was running software for one of our manufacturing machines. The machine has been removed and the vulnerability closed.
At the time of the attack, we believed that our cyber-security software had thwarted any transfer of data. However, we can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data.
It is well known that Zaun is a specialist in high-security perimeter fencing and has supplied fencing to many high-profile sites. Sites where our products are used include prisons, military bases and utilities. These fencing products are generally used to separate the public from the secure asset and as such are on public display and in the public domain. Full details of all our products are also available on our website and available for unrestricted purchase. As such it is not considered that any additional advantage could be gained from any compromised data beyond that which could be ascertained by going to look at the sites from the public domain.
Zaun Limited would like to issue the following statement.
“We are aware of an attack upon our servers by the Lockbit Ransom group at the beginning of August. Our cyber-security systems closed the attack before they could encrypt any files on the server. However, it has become apparent that LockBit was able to download some data from our system which has now been published on the Dark Web.
LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available. This is an ongoing investigation and as such subject to further updates.
The National Cyber Security Centre (NCSC) has been contacted and we are taking their advice on this matter. The ICO has been contacted as well with regards to the attack and data leak. Zaun is a manufacturer of fencing systems and not a Government approved security contractor. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it.
Zaun is a victim of a sophisticated cyber-attack and has taken all reasonable measures to mitigate any attack on our systems.”
Should you have any questions with regards to this update please direct all enquiries to Stewart Plant, Head of Sales and Marketing via email at info@zaun.co.uk