PC Virus Infection at Azbil Corporation and azbil Group Companies (2nd notice)
September 26, 2020
An employee of Azbil Trading Co., Ltd., a member of the azbil Group, opened a .zip file attachment to a fake e-mail that appeared to come from a customer on September 17, and the employee’s PC was infected by a variant of the Emotet* computer virus. As a result, there was a possibility that information such as e-mail addresses could leak both inside and outside the company.
Because of this incident, e-mail supposedly coming from the azbil Group or one of its employees and containing the Emotet virus may have been sent to parties who have dealt with an azbil Group company in the past. We deeply apologize for any inconvenience caused to our customers and related parties.
What happened, and our response
- Sept. 17
A PC at Azbil Trading Co., Ltd., was infected by a virus after an employee opened a .zip file attachment to an e-mail disguised to look as though it came from a known customer.
- Sept. 18
• The information systems group at Azbil Trading found that multiple suspicious e-mail messages had arrived, and that there was a possibility of virus infection.
• The information systems group at Azbil Trading immediately contacted the Information Systems Department of Azbil Corporation.
• The Information Systems Department confirmed that there was an infection by an Emotet variant and the PC in question was immediately disconnected from the network and sent to an information security company for investigation.
- Sept. 19
The investigation found that a data file containing both internal and external e-mail addresses and e-mail messages, which is personal information, had been created on the personal computer. There was also evidence of communication with the outside (because the communication was encrypted, the contents are still under investigation).
- Sept. 21
We sent out an e-mail to everyone who might have received suspicious e-mail in order to apologize and warn about e-mail messages appearing to be from our company, Group, or employees.
- Sept. 23
As our investigation continued, we found that two other PCs, one each at Azbil Corporation and Azbil Trading Co., were infected with the Emotet variant. In order to prevent further spread of the virus, we began to discuss and implement multiple countermeasures: isolating zipped attachments on all e-mail, cutting off the connection of our network with the outside, and shutting down the e-mail system to learn if there were any other viruses.
- Sept. 25
After completion of the above investigation and countermeasures, our network connection with the outside was restored, and the e-mail system incrementally resumed operation. In addition, we are continuing to investigate the facts with outside experts concerning matters such as information leaks and the destination of e-mail sent by the virus.
Request to anyone who received a suspicious e-mail claiming to be from the azbil Group or its employees
On or after September 17, if you received an e-mail supposedly coming from one of our employees with a zip file attached, please check the e-mail address of the sender, and if it is not actually from the azbil Group (@azbil.com), or if you checked with our employee and the employee did not send it, please delete it without opening it.
We strive to manage personal information and other data properly, and we take this incident very seriously. We will endeavor to strengthen our information security, and we will make every effort to prevent this kind of situation from occurring again in the future.
Thank you for your understanding.
Note: Emotet is a computer virus that steals e-mail information from the infected PC and uses that information to spread the virus via e-mail. Anyone who opens the attached file or clicks the URL in the e-mail will be infected by Emotet. A new variety of the virus has also been created that cannot be prevented by existing measures.