Lacroix manufacturing cyberattack shuts down three facilities

Lacroix Group, a French electronics manufacturer, had to close down three plants dispersed over two continents to contain what was most likely a ransomware attack.

The company’s security team intercepted a “targeted cyberattack” on Lacroix’s French, German, and Tunisian facilities on May 12th, the company announced.

Attackers encrypted local infrastructure in the three sites, and the company is scrambling to identify what type of data attackers managed to exfiltrate.

“The time needed to carry out these actions and to use the backups to restart should take a few days, which is why the three sites are closed for the week,” Lacroix said.

While the company doesn’t explicitly say so, the attack’s description strongly suggests that it was a ransomware attack. During these attacks, crooks deploy encryption malware to victims’ systems and export everything they can find.

According to Lacroix, the company cannot confirm when it will reopen targeted facilities, yet it aims to do so on May 22nd. However, the affected sites represented 19% of the group’s total sales last year, and the company doesn’t expect the attack to impact its yearly results.

Lacroix Group designs and manufactures electronic equipment for the automotive, aerospace, industrial, and health sectors. The company enjoyed a turnover of $770 million in 2022.

The attack against the French company marks the second time that cybercriminals have targeted a sizable European manufacturing equipment maker. Last week, ABB, a multinational industrial tech company specializing in electrification and automation, confirmed that certain locations and services were impacted by an “IT security incident.”

While ABB kept the nature of the attack secret, reports surfaced pointing to a ransomware attack by the Russia-linked syndicate Black Basta.