Houston-based ENGlobal Corporation, a contractor specializing in engineering and automation services for the energy sector and US government, announced Monday that a ransomware attack has disrupted its operations.
The company disclosed the incident on Monday in a regulatory filing with the US Securities and Exchange Commission (SEC).
The breach was identified on November 25 2024, prompting ENGlobal to take portions of its IT systems offline to mitigate the impact.
“The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files,” reads the SEC filing.
ENGlobal has since initiated containment and remediation efforts, including engaging external cybersecurity experts and launching an internal investigation.
At the time of writing, the company is operating with limited access to its IT systems, focusing on essential business functions. “The timing of restoration of full access to the Company’s IT system remains unclear as of the date of this filing,” ENGlobal stated. It has also yet to determine whether the incident will significantly affect its financial performance or operations.
ENGlobal has not disclosed details about the ransomware used or whether sensitive data was stolen. No known ransomware groups have claimed responsibility for the attack so far.
The company provides automation and control systems primarily for energy sector clients and US government agencies, including the Department of Defense and the Department of Energy. Its systems are used in plants, municipalities and commercial buildings.
The attack underscores ongoing cybersecurity threats facing critical infrastructure contractors. ENGlobal assured stakeholders that it is working diligently to resolve the issue, but did not estimate when its systems would be fully restored.
To protect against ransomware, security experts recommend regularly updating software, using strong data encryption and ensuring secure offline backups. Employee training and testing recovery procedures also play a crucial role in minimizing the impact of such attacks.