The Conti ransomware group attacked and forced the shutdown of the European wind turbine manufacturing giant Nordex. The attack was discovered on March 31, and the ransomware group claimed responsibility for this attack recently.

The cyberattack on Nordex 

While the cyberattack was detected by the company at an early stage, it affected multiple systems at various branches.
  • A week ago, the targeted firm stated that it was still working on recovering the IT systems to return operations to normal. 
  • Conti enlisted Nordex as its victim on April 11, although it seems that it was publicly disclosed on April 14.
  • The targeted firm did not disclose or provide any information regarding the type of cyberattack it was hit by. However, the fact that the attack shut down various systems implied the use of ransomware.
  • Conti announced the Nordex hack on its leak site on the Tor network with no info on stealing any sort of data.

Recent revelations about Conti

Recently, a leak of internal documents belonging to the ransomware group disclosed information about the group's size, operations, and leadership.
  • It was noted that Conti operates as an enterprise with salaried employees, who have performance reviews and even obtain bonuses and rewards such as employee of the month awards.
  • Although, these employees are unaware of the actual employer and are told that they are working for an advertising company.


The recent attack of Conti on Nordex shows the growing capabilities of enterprise-type cybercriminal groups. Thus, organizations are always suggested to follow robust anti-ransomware measures, including limited access control, backup of important data, and staying up to date.

Cyware Publisher