IT Update

Dear colleagues,

Before we head into the weekend, here is a brief update on the situation:

• We are working on cleaning the PDF attachments and the SAGE accounting software as described yesterday.
• As soon as we are on a good level in the above points, we will take care of the file server public-srv-data.
• In the meantime, we have discovered that data from the Polish branch of UT has also been encrypted. We are working on the release of the data according to the already established schedule.

Our central IT response team has the situation under control and is working to restore our systems. In order to process your IT-related enquiries in a structured and efficient manner, we kindly ask you NOT to make enquiries by phone, but to send them by email to support@gruber-logistics.com.

For other questions, please continue to contact your branch manager, who can then get in touch with the crisis team directly.

Dear Colleagues,
We are currently experiencing an increased volume of phishing attempts on our mobile phone numbers. To protect you and our organisation from these attacks, it is important to be vigilant and follow these tips:

• Check the sender’s email address or phone number.
• Watch out for urgent or threatening wording. Phishing attempts often use urgent or threatening wording to create a sense of
• panic and prompt you to act quickly.
• Do not click on suspicious links or download attachments from unknown sources.
• Report suspicious emails or messages immediately to support@gruber-logistics.com.

Thank you very much for your support.

Dear colleagues,

the HeavyNet is ready to be used again! There may be a backup request, that you can accept: the HeavyNet environment is safe. Here are the most important things you need to know:

• All important functions are available, but the pdf attachments in the orders and other master data will only be available one by one. We expect that making all pdf available will take at least another 1-2 weeks.
• We can send out invoices, but without attachments. Everyone should/must do this now, even at the risk of customers complaining.
• As we are working on an interim server, HeavyNet is working slower than usual.
• As of now, we are working on the SAGE accounting software: we do not expect to be able to make the accounting software available before Friday evening.
• The fileserver public-srv-daten has to be queued up behind, we will deal with it only after cleaning all pdf from Heavynet and accounting.

If you have any technical queries, please contact the IT manager of the location first, so that the central operations team can continue working in peace. If you have other questions, please contact your branch manager, who can then contact the crisis team directly.

Dear colleagues,

We are cautiously optimistic: the HeavyNet has been restored in a first test version and is currently being tested for functionality. We will let you know as soon as/if we can resume normal and secure business operations.

Dear Colleagues,

Universal Transport has suffered a criminal cyber-attack, which is currently causing massive technical disruptions. Unfortunately, this has also led to the encryption of data and a number of employees are currently only able to work to a limited extent.

We have already set up a crisis team, which is supported by external experts from the fields of IT forensics and IT security; in addition, the responsible data protection authorities and the police have been informed.

So far, no relevant data leakage has been detected – the issue of data security has the highest priority for us.

Unfortunately, we cannot share any further details with you because this is an ongoing investigation, but we are doing everything we can to resume normal, secure business operations as quickly as possible: In particular, colleagues from the Auer IT department have already travelled to Germany with 40 laptops in their luggage to enable as many employees as possible to work.

How can you support the company now and protect yourself?

• Do not make any unauthorised statements to customers, business partners or external third parties. Please send all questions to Holger Dechant. We will then answer them consistently and reliably. Any other approach entails liability risks that we want to avoid.
• Above all, do not give any promises, information, answers or instructions
  • about when problems will be solved
  • to legal enquiries of any kind
  • on the cyber-attack itself and its countermeasures (subject of police investigations).
• So far, we are not aware of any data leakage. Nevertheless, it is advisable to change any passwords of a private nature that were stored on your devices via third-party devices, if possible.
• Now more than ever, it is important that we protect ourselves from phishing attempts: To protect you and our business from these attacks, it is important to be vigilant and follow these tips:
  • Check the sender’s email address or phone number.
  • Watch out for pressing or threatening phrases. Phishing attempts often use pushing or threatening wording to create a sense of panic and get you to act quickly.
  • Do not click on suspicious links or download attachments from unknown sources.
  • Report suspicious emails or messages immediately to support@gruber-logistics.com.

Below are the answers to the most important questions as a summary:

Can we currently accept/process orders?

Some of our colleagues at Universal Transport are currently unable to accept orders. We are working to restore business operations as quickly as possible.

When will the IT systems be available again?

Currently, a team of IT experts is working at full speed to get our IT up and running again. However, due to the complexity of the cyber-attack, we are not yet able to say when this will be. Our goal is to minimise the final damage as much as possible.

What are we doing in the meantime?

We are still trying to set up possibilities (mail, telephony, etc.) so that basic activities can be carried out. The branches of Züst and Bachmeier as well as Gruber Logistics are continuing to work without interruption and can support their colleagues.

Who is affected?

Only HeavyNet is affected. We have to clarify for each individual case the extent of what is possible doing right now.

Are our data and those of our customers safe?

As far as we know at the moment, the data is safe. We are working closely with the responsible authorities.

What about the backup?

Data backups are available. We are currently checking to what extent the backups can be used.

Who is my contact person in the Management Board?

The responsible contact person in the Management Board is Markus Frost.