Oklahoma-based ENGlobal Corporation, a significant contractor for the energy industry, has fallen victim to a ransomware attack, disrupting its operations and raising concerns about potential impacts on critical infrastructure.
The attack, discovered on November 25th, 2024, resulted in the encryption of some data files, prompting the company to restrict employee access to its IT systems. This incident highlights the growing threat of ransomware to critical infrastructure and the energy sector.
ENGlobal Cyberattack Disrupts ENGlobal Operations
ENGlobal Corporation, in a report filed with the U.S. Securities and Exchange Commission (SEC) on Monday evening, December 2nd, 2024, detailed the ransomware attack.
The company stated, “The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology system and encrypted some of its data files.”
This breach forced ENGlobal to limit employee access to its IT systems, restricting access to only essential business operations. The company has initiated an internal investigation and engaged external cybersecurity experts to address the situation.
The impact of this ENGlobal ransomware attack on the company’s financial performance remains unclear. “The timing of restoration of full access to the Company’s IT system remains unclear as of the date of this filing,” the company acknowledged in its SEC filing.
The uncertainty surrounding the restoration timeline underscores the potential for significant disruption to ENGlobal’s operations and projects.
No ransomware gang has yet claimed responsibility for the attack. This lack of attribution makes it difficult to determine the group’s motives and capabilities, adding another layer of complexity to the investigation. The incident is particularly concerning given ENGlobal’s work designing and constructing automated control systems for commercial companies and the federal government, including specialized systems for the U.S. Defense industry.
Broader Implications of the ENGlobal Ransomware Attack
ENGlobal’s specialization in turnkey automation and instrumentation systems raises concerns about the potential exposure of sensitive data. The company reported nearly $6 million in revenue last quarter and $18.4 million for the first nine months of 2024, indicating its significant role within the energy sector.
The attack follows recent similar incidents, including a ransomware attack on building automation giant Johnson Controls, which alarmed officials at the Department of Homeland Security due to the company’s involvement in producing critical building infrastructure equipment. Attacks targeting companies like ENGlobal and Johnson Controls could expose sensitive documents, contracts, and plans for U.S. government facilities.
The recent spate of ransomware attacks targeting energy industry contractors underscores the growing vulnerability of critical infrastructure to cyber threats. Just three weeks prior to the ENGlobal cyberattack, another energy industry contractor reported a similar incident to the SEC. Furthermore, over the weekend, an unnamed ransomware gang attacked the state-owned energy provider for Costa Rica, highlighting the global reach of these attacks.
The ENGlobal ransomware attack serves as a stark reminder of the need for robust cybersecurity measures within the energy sector and beyond. The potential consequences of these attacks extend far beyond financial losses, impacting national security and critical infrastructure. The ongoing investigation into the ENGlobal incident will hopefully shed more light on the attackers’ methods and motives, contributing to better prevention and response strategies in the future.
