Ransomware Attack Cripples Energy Contractor for Six Weeks

US energy contractor ENGlobal Corporation was locked out of critical financial systems for six weeks following a ransomware attack that began on 25 November. The company disclosed the prolonged disruption in a filing with the US Securities and Exchange Commission (SEC) on Monday.

According to the update, the attack severely restricted access to business applications, including financial and operational reporting systems. While ENGlobal has since restored all systems, it warned that hackers accessed sensitive personal information. The company is now working to notify those affected.

Earlier SEC filings detailed how cybercriminals encrypted company data, forcing ENGlobal to limit IT access to essential operations. Despite the severity of the attack, the company does not expect a material financial impact.

ENGlobal, which specialises in automation and control systems for the energy and defence industries, operates in the US and internationally. The Oklahoma-based firm reported $18.4 million in revenue over the first nine months of 2024.

No ransomware group has claimed responsibility for the incident, but the six-week recovery period far exceeds the typical downtime for ransomware victims. A recent survey by cybersecurity firm Illumio found that most organisations take around 17 working days to contain and remediate such attacks.

“Ransomware is more pervasive and impactful than ever, with more organisations forced to suspend operations or experiencing major business failure because of attacks,” said Trevor Dearing, director of critical infrastructure at Illumio.

The incident highlights the growing threat cybercriminals pose to critical industries, with ransomware attacks increasingly disrupting operations and exposing sensitive data.