Siegfried, Brenntag, and Symrise hit by cyberattacks

When hackers gain access to company networks, major real-world disruptions can ensue, as the recent ransomware attack on Colonial Pipeline showed. Chemical companies are not immune. Recent cyberattacks on Siegfried, Brenntag, and Symrise forced temporarily halts in manufacturing and other operations while the firms investigated the breaches.

The drug ingredient manufacturer Siegfried says it detected a malware attack on May 21. In response, the Swiss company shut down production at multiple sites, cut off network connections, and scoured its information technology systems. Among other things, Siegfried packages the Pfizer-BioNTech COVID-19 vaccine.

And just days after the May 7 attack on Colonial by DarkSide, information security experts reported that the chemical distributor Brenntag was also a DarkSide victim. Lawrence Abrams, a malware specialist, wrote on the news site Bleepingcomputer.com that Brenntag paid a $4.4 million ransom in Bitcoin to DarkSide to access company files that had been encrypted and to prevent stolen data from being leaked.

Brenntag says it does not comment on reports and demands linked to hacking. In an e-mail, the company says it was confronted with a “limited information security incident in North America” and that it hired cybersecurity and forensics efforts to assist its investigation.

It’s no surprise that chemical firms have been targeted recently, says Sharon Klein, chair of the privacy, security, and data protection practice at Blank Rome, a law firm. The industry’s visibility during the COVID-19 pandemic makes companies targets for foreign governments looking for trade secrets and criminals hoping to make money from companies that may be distracted by their critical mission.

“Cyber gangs follow the money, and they also want to get attention. That helps groups like DarkSide to do business as ransomware for hire,” Klein says. They team up with criminals armed with stolen access credentials to target a firm and split the profits. Abrams reports that the Brenntag heist followed this model.

While hackers have become extremely sophisticated, Klein says, their access methods will be familiar to any office worker. They use so-called phishing e-mails to get an employee to click on a malware link or share sensitive data. Or they exploit spots where companies have been slow to install security updates.

Hacked companies typically shut down plants to buy time to track down and prevent the spread of malware. The process is time-consuming, costly, and potentially dangerous. Cyber thieves can put cloaking software on top of the malware, making the bad code hard to find, Klein notes.

A recent cyberattack on the flavor and fragrance ingredient firm Symrise demonstrates the potential business impact. In a year-end report, CEO Heinz-Jürgen Bertram says bad actors attempted to extort the company, though it did not pay up. The resulting delays in production and logistics kept the firm’s 2020 sales growth to 2.7%, he says, short of its 3-4% target.