ENGlobal Corporation reports ransomware attack impacting its IT systems

ENGlobal Corporation, a contractor in the energy industry specializing in automated control systems, is reporting a ransomware attack that has forced the company to restrict access to its IT systems. The incident was formally disclosed through a filing with the U.S. Securities and Exchange Commission (SEC) on the on 2nd of December 2024.

According to the company's investigation, threat actors illegally accessed their information technology system and encrypted various data files. ENGlobal has implemented several security measures, including restricting employee access to IT systems to essential business operations only and engaging external cybersecurity experts to assist with the investigation and recovery efforts.

No details are disclosed about any data exposed or the number of impacted individuals.

The timing for full system restoration remains unclear, and the company has not yet determined if the incident will materially impact its financial performance. As of Monday 2nd of December, no ransomware group had claimed responsibility for the attack.

Update - As of 27th of January 2025, the incident, which began on November 25, 2023, led to a six-week lockout from critical business applications. The attack caused disruptions to multiple business operations including:

• Financial reporting systems
• Operating reporting systems
• General business applications
• Employee access to IT systems was restricted to essential operations only

ENGlobal confirmed that threat actors gained access to personal information of employees, but did not disclose details or number of affected individuals. The company claims it has fully restored operations and corporate functions and believes the threat actor no longer has access to their IT system.