Ransomware Attack Disrupts Operations for US Contractor ENGlobal

Houston-based company ENGlobal Corporation, known for its engineering and automation services in the energy sector and for the US government, recently faced a ransomware attack that disrupted its operations.

The breach, which was discovered on November 25, 2024, led to parts of ENGlobal’s IT systems being taken offline to contain the impact. The company shared this information in a regulatory filing with the US Securities and Exchange Commission (SEC).

ENGlobal has since taken steps to address the situation, including involving external cybersecurity experts and conducting an internal investigation. Currently, the company is operating with limited access to its IT systems, focusing on essential functions. The timeline for fully restoring IT system access is still uncertain, and the potential impact on financial performance and operations remains unclear.

While the specific details of the ransomware used and whether sensitive data was compromised have not been disclosed, ENGlobal has not received any claims of responsibility from known ransomware groups.

ENGlobal’s automation and control systems are crucial for energy sector clients and US government agencies, such as the Department of Defense and the Department of Energy. The company plays a vital role in various industries, including plants, municipalities, and commercial buildings.

This incident highlights the ongoing cybersecurity threats faced by critical infrastructure providers. To safeguard against ransomware attacks, experts recommend keeping software up to date, implementing strong data encryption, maintaining secure offline backups, and providing employees with cybersecurity training.

ENGlobal is actively working on resolving the issue and ensuring its systems are secure. While the timeline for full system recovery remains uncertain, the company is committed to addressing the situation and minimizing any potential impact on its operations.