At the time, the Danish firm said that customers, employees and other stakeholders could be affected by the incident, and that it was working with internal and external partners to contain and recover.
An update on Monday morning warned that data had been compromised.
“However, there is no indication that the incident has impacted third party operations, including customer and supply chain operations,” it added.
“Vestas’s manufacturing, construction and service teams have been able to continue operations, although several operational IT systems have been shut down as a precaution. Vestas has already initiated a gradual and controlled reopening of all IT systems.”
Although not confirmed by Vestas, a ransomware attack would appear to be the front-runner in terms of likely cause. The turbine giant reported revenues of nearly €15bn in 2020, making it a potentially lucrative target.
High gas prices across Europe and a relatively poor year for wind production is also ratcheting up the pressure on providers of renewables.
Vestas claimed that its investigation is ongoing as the firm tries to “re-establish the integrity of its systems.”
Ransomware attacks surged by an astonishing 485% year-on-year in 2020, according to one report.
There could be yet more for security teams to worry about on this front as they head into winter, with new research claiming that the Conti group likely drove the restart of Emotet.
This could recreate a formidable and prolific source of high quality initial access for ransomware groups.
“Emotet’s return is not coincidental, it is caused by major shifts in the overall cybercrime domain,” argued AdvIntel.
“The growing monopolization of the ransomware world, which is rapidly conquered by only a few highly-organized criminal corporations, leads to better opportunities for criminal ventures like the Emotet botnet developers.”