Picanol Group ransomware production halt (Belgium, 2020)
A ransomware attack paralysed weaving-machine manufacturer Picanol's plants in Ieper (Belgium), Romania, and China, halting production for ~2,300 employees for over a week. Trading in Picanol shares was suspended during the disruption.
- Victim
- Picanol Group
On 13 January 2020, the Belgian weaving-machine manufacturer Picanol Group was hit by a ransomware attack that paralysed its three production plants β in Ieper (Belgium), Romania, and China β for over a week. With its entire production process controlled by computers, Picanol had no manual fallback and was forced to suspend operations almost completely.
What happened
Picanol designs and builds high-end industrial weaving machines and employs roughly 2,300 staff worldwide, with 1,600 in Ieper alone. The attack encrypted the IT systems that orchestrate Picanol's manufacturing operations across all three plants. Because Picanol's production process is end-to-end computer-managed, the company had no practical way to manufacture during the outage.
Picanol confirmed the cyberattack publicly on 15 January 2020. Trading in Picanol's shares on Euronext Brussels was suspended during the disruption. The company set expectations clearly with the market: there would be no production that week, and the restoration would proceed step-by-step.
Production restarted progressively on 20 January 2020, approximately a week after the initial encryption. Share trading resumed at the same time.
Impact
- All three production plants (Belgium, Romania, China) halted for ~a week.
- Approximately 2,300 employees affected by the disruption.
- Euronext trading in Picanol shares suspended during the outage.
- Production restarted step-by-step from 20 January 2020.
Why it matters
Picanol is one of the cleanest early cases of a ransomware-driven production halt at a mid-cap manufacturer with a fully computerised production line. The market response β automatic suspension of share trading β set an important precedent for how European exchanges treat cyber-driven operational disruptions at listed manufacturers, and the staged restart became a model for similar incidents at Norsk Hydro, Asahi, and Continental in subsequent years.
Timeline
Ransomware encrypts core IT systems at Picanol Group's headquarters and plants. Production at Ieper (Belgium), Romania, and China halts almost completely. Trading in Picanol shares is suspended.
Picanol confirms the cyberattack publicly; production is expected to be at a standstill for at least the rest of the week.
Picanol begins step-by-step restart of production activities approximately a week after the attack. Trading in Picanol shares resumes.
Sources
- vrt.behttps://www.vrt.be/vrtnws/en/2020/01/13/ransomware-shuts-down-production-at-flemish-multinational/
- ics-cert.kaspersky.comhttps://ics-cert.kaspersky.com/publications/news/2020/01/17/picanol-ransomware/
- picanol.behttps://www.picanol.be/en/news/press-release
- commercialriskonline.comhttps://www.commercialriskonline.com/ransomware-attack-brings-down-production-at-belgian-firm-picanol/
- vpnoverview.comhttps://vpnoverview.com/news/trading-in-picanol-shares-resumes-after-large-scale-ransomware-attack/