In April 2023, DESMI, a Denmark-based global pump solutions provider, fell victim to a ransomware attack in which the Clop gang exploited the CVE-2023-34362 MOVEit vulnerability. The attack forced a complete shutdown of all IT systems, though critical operations—such as ERP, finance systems, and production sites in China, India, America, and Denmark—remained unaffected. The breach occurred during the COVID-19 pandemic, with employees working remotely, which increased the company's vulnerability. DESMI’s CEO, Henrik Sørensen, confirmed that no ransom would be paid, and third-party cybersecurity experts were engaged to investigate and restore services. The incident was reported to Danish authorities and police, and notifications were sent to customers and business partners to mitigate the impact. While the company aimed to restore systems within weeks, the attack disrupted IT infrastructure, risked data exposure, and required significant recovery efforts. No evidence of large-scale data theft or operational halts was reported, but the IT outage and potential reputational damage posed notable challenges.
Source: https://www.hackmageddon.com/2023/09/05/16-31-july-2023-cyber-attacks-timeline/
TPRM report: https://www.rankiteo.com/company/desmi-as
"id": "des658092025",
"linkid": "desmi-as",
"type": "Ransomware",
"date": "4/2023",
"severity": "75",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'pump solutions / manufacturing',
'location': 'Denmark (global operations)',
'name': 'DESMI',
'type': 'private company'}],
'attack_vector': 'exploitation of vulnerability (CVE-2023-34362 in MOVEit)',
'customer_advisories': ['notifications issued'],
'data_breach': {'data_encryption': True},
'date_detected': '2023-04',
'date_publicly_disclosed': '2023-04',
'description': 'In April 2023, DESMI, a global pump solutions company based '
'in Denmark, experienced a ransomware attack by the Clop gang. '
'The attack led to the shutdown of all IT systems, but the ERP '
'and finance systems were not compromised. Production sites in '
'China, India, America, and Denmark continued to operate '
'without disturbances. The attack exploited the CVE-2023-34362 '
'MOVEit vulnerability during the COVID-19 pandemic when '
"employees were working from home. DESMI's CEO confirmed no "
'plans to pay the ransom. Third-party cybersecurity experts '
'were hired to investigate and restore IT services. The '
'incident was reported to authorities, and DESMI is notifying '
'customers and business partners. The company aims to minimize '
'customer impact and expects systems to be operational within '
'a couple of weeks.',
'impact': {'downtime': 'a couple of weeks (expected)',
'operational_impact': 'IT systems shutdown; production sites in '
'China, India, America, and Denmark remained '
'operational',
'systems_affected': ['all IT systems (excluding ERP and finance '
'systems)']},
'initial_access_broker': {'entry_point': 'CVE-2023-34362 (MOVEit '
'vulnerability)'},
'investigation_status': 'ongoing (as of disclosure)',
'motivation': 'financial (ransomware)',
'post_incident_analysis': {'root_causes': ['exploitation of unpatched MOVEit '
'vulnerability (CVE-2023-34362)',
'remote work conditions during '
'COVID-19 pandemic']},
'ransomware': {'data_encryption': True,
'ransom_demanded': True,
'ransomware_strain': 'Clop'},
'regulatory_compliance': {'regulatory_notifications': ['reported to Danish '
'Police and '
'authorities']},
'response': {'communication_strategy': ['notifying customers and business '
'partners',
'public disclosure by CEO'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['systems expected to be operational within '
'a couple of weeks'],
'remediation_measures': ['investigation by third-party experts',
'restoration of IT services'],
'third_party_assistance': ['cybersecurity experts (unnamed)']},
'stakeholder_advisories': ['notifications to customers and business partners'],
'threat_actor': 'Clop gang',
'title': 'Ransomware Attack on DESMI by Clop Gang (April 2023)',
'type': 'ransomware',
'vulnerability_exploited': 'CVE-2023-34362 (MOVEit)'}