A ransomware attack has disrupted the operations of Houston-based ENGlobal Corporation, a key contractor specializing in engineering and automation services for the energy sector and US government, highlighting the persistent cybersecurity threats facing critical infrastructure contractors. The breach, detected on November 25, 2024, prompted the company to take portions of its IT systems offline to mitigate the impact. According to the US Securities and Exchange Commission filing, the attack involved illegal access to the company’s IT system and encryption of data files. Currently, ENGlobal is operating with limited IT system access, focusing on essential business functions, with no clear timeline for full restoration. The potential impact on financial performance and operations remains undetermined.
ENGlobal has initiated containment and remediation efforts, with external cybersecurity experts involved and an internal investigation underway. Details about the ransomware used and whether sensitive data was stolen have not been disclosed. Additionally, no ransomware group has claimed responsibility for the attack, leaving many questions unanswered. ENGlobal’s clients, which include significant energy sector entities and US government agencies such as the Department of Defense and the Department of Energy, are also paying close attention to the situation as the potential fallout could impact their own operations.
The incident has underscored the vulnerability of contractors in the energy sector to cybersecurity threats, emphasizing the critical need for robust protective measures. Security experts recommend regular software updates, strong data encryption, secure offline backups, employee training, and testing of recovery procedures to guard against such attacks. As ENGlobal works diligently to resolve the issue, the broader community must recognize the importance of enhanced cybersecurity strategies to protect critical infrastructure systems from evolving cyber threats.