Recycling giant Tomra hit with cyberattack

But 'most' services are designed to operate offline

Tomra is known for manufacturing reverse vending machines, some of which are now inoperable

Image:

Tomra is known for manufacturing reverse vending machines, some of which are now inoperable

Norwegian recycling company Tomra has disconnected and isolated certain systems after an "extensive" cyberattack.

Tomra is heavily involved in the recycling space. It builds reverse vending machines (RVMs) - where members of the public can insert a used bottle or can and get money in return - as well as industrial equipment like metal and food sorting systems. It announced revenues of $1.2 billion last year.

The company first discovered the attack on the 16th July, taking immediate action to disconnect affected systems, it told the Oslo Stock Exchange.

The next day it provided a further update, telling investors that the attack had had "limited impact" on its customer operations.

"Most of TOMRA's digital services are designed to operate offline for a certain amount of time but may have reduced functionality in the interim. A team is working to establish temporary solutions for all digital systems to support keeping costumer solutions operational over time."

Tomra has multiple divisions, several of which have been affected.

Worst hit is the corporate side, Tomra Group. Internal IT services and "some" back office functionality were still offline as of the last update yesterday. As a result, "major" offices are offline and employees have been asked to work remotely.

The second most affected unit is Tomra Collection, which handles the RVMs. Older units are no longer operating, while in Europe and Asia "the majority" are working in offline mode. RVMs in Australia and North America have not been affected.

Tomra Recycling and Tomra Food are operating as usual, though some functionality is limited due to central digital services being offline.

At this point the company has not provided any details about the attack, including its type, the attacker's method of entry or who might be responsible.

Rob Bolton, VP EMEA at Versa Networks, said, "Service disruption continues to be an extremely popular method for cyber criminals, especially for those targeting businesses within the critical infrastructure sector. Disrupting any critical service is extremely serious and can result in nationwide social and economic impacts, as well as affect global supply chains."

Simon Chassar, CRO at Claroty, echoed Bolton's comments. He added, "By affecting the up-time of systems and services of a company like Tomra, which operates across multiple industries, attackers can inflict significant financial and social damage on the business itself as well as global supply chains, which will force them to act fast in paying any ransoms to restart operations."

So far there has been no indication of any ransom demand.