It's not a question of whether a company will fall victim to a cyber attack, but when. Ransomware attacks in the mechanical and plant engineering sector increased significantly in 2019. Ransomware is basically an infection with malware that encrypts entire data records and IT systems. The attackers then demand large sums of money from the victims in order to remove the encryption. Such attacks can paralyze all systems, from administration and web servers to production. The damage can quickly run into the tens of millions and the effects of such attacks can keep affected companies busy for years to come.

"It is not enough to focus solely on defending against cyber attacks," explains Steffen Zimmermann, Head of the Competence Center Industrial Security at VDMA. "Every company must prepare for an emergency." Small and medium-sized companies are particularly at risk: "They often lack the necessary emergency preparedness concepts and crisis plans to know what steps to take in the event of a ransomware attack."

Measures in an emergency

As soon as a ransomware attack occurs, quick action and rapid assistance are essential. In particular, the rapid restoration of operational systems to a secure and stable working mode is of great importance. To support companies in this regard, the VDMA has compiled an overview of emergency measures and contact details for authorities and service providers.

With the emergency aid paper, the VDMA, together with mechanical and plant engineering experts from the "Information Security" working group, has compiled the answers to basic questions following a ransomware infection:

1. How do I recognize an attack?
2. When do I declare a ransomware emergency?
3. What do I do in a ransomware emergency?
4. What should I avoid?
5. Who can I ask for support in an emergency?
6. What measures can I take to prevent it from happening (again)?

The ransomware paper is available free of charge from the VDMA at industrialsecurity.vdma.org.