German superyacht manufacturer Lürssen suffers a ransomware attack

German superyacht manufacturer Lürssen reportedly suffered a ransomware attack during the Easter weekend that disrupted its daily operations.

Lürssen is one of the biggest names in the shipyard industry, manufacturing superyachts for private customers and ships for the German Navy. It has also signed a contract with Australia to build twelve offshore patrol vessels.

The security incident was first reported by the German news agency Buten un Binnen which received confirmation from Lürssen about threat actors carrying out a ransomware attack during the Easter holiday. 

 

Lürssen is working with external cyber security experts and the police, the latter initiating a criminal investigation to understand the nature and scope of the cyber attack.

“In coordination with internal and external experts, we immediately initiated all necessary protective measures and informed the responsible authorities,” a company spokesperson told local media.

The cyber attack has reportedly disrupted the company’s daily operations but the Lürssen-Kröger shipyard in Schleswig-Holstein continues to operate.

The company is yet to provide details on how threat actors infiltrated its network, or whether any data has been siphoned from the company servers. As of now, no cyber criminal gang has claimed responsibility for the cyber attack on Lürssen.

Commenting on the news, Dr. Darren Williams, CEO and founder of Blackfog, said, “Attackers do not discriminate - one could say, except for where the dollar sign is at play… with the link between ransomware and sectors involving the super-rich becoming increasingly prevalent.

“We are witnessing a growing trend of ‘high-end’ ransomware attacks (think Ferrari in March and Moncler last year) on sectors that have the potential for the highest financial yield, as the headlines show with latest attack against German shipbuilder Lürssen, which makes military vessels as well as luxury yachts.

“Interestingly, the attack coincides with increased pressure elsewhere in the world to make ransomware payments illegal, such as in Australia where the Australian Cyber Security Centre (ACSC), currently recommends that victims of ransomware attacks never pay a ransom. Although, it has been suggested such an impulsive reaction could only make matters worse, and I’m somewhat inclined to agree - criminalising ransomware payments is like shipping off fresh ammunition to the attackers, likely pushing them to more damaging data leaks and critical organisational network blocks.

“Without the latest Anti Data Exfiltration tools in place, and a solid backup/incident response plan ready for the darkest hour, even organisations with some of the highest capital worldwide cannot even consider a claim of some level of immunity to cyber-attacks,” he added.