Energy sector contractor ENGlobal Corporation on Monday announced that some of its operations have been affected by a ransomware attack.
In a regulatory filing with the US Securities and Exchange Commission, the company revealed that it discovered the attack on November 25 and took certain systems offline to contain the incident.
“The preliminary investigation has revealed that a threat actor illegally accessed the company’s information technology (IT) system and encrypted some of its data files,” ENGlobal Corporation said.
“Upon detecting the unauthorized access, the company immediately took steps to contain, assess and remediate the cybersecurity incident, including beginning an internal investigation, engaging external cybersecurity specialists, and restricting access to its IT system,” it continued.
As a result of the containment measures and the ongoing investigation, only access to essential business operations has remained available, the company told the SEC.
ENGlobal Corporation also noted that its recovery efforts continue, but could not provide an estimate as to when full access to its IT systems would be restored.
“The company has not yet determined whether the cybersecurity incident is reasonably likely to materially impact the company’s financial condition or results of operations,” ENGlobal Corporation noted.
The company did not share information on whether any data was stolen from its network, nor on the file-encrypting ransomware that was used in the attack. SecurityWeek has not seen any known ransomware groups claiming responsibility for the incident.
Advertisement. Scroll to continue reading.
Headquartered in Houston, Texas, ENGlobal Corporation provides engineering and professional services, mainly for energy sector organizations in the US and abroad, as well as for US government agencies. The company builds automated control systems for plants, municipalities, hospitals, and commercial buildings.
Related: Two UK Hospitals Hit by Cyberattacks, One Postponed Procedures
Related: Employee Data Compromised in Hacker Attack on Space Technology Firm Maxar
Related: Ireland Joins EU Covid Travel Pass System After Ransomware Attack Delay
Related: Top Official Says Kansas Courts Need at Least $2.6 Million to Recover From Cyberattack