CPC Corp Taiwan
Winnti Group’s ColdLock Ransomware
Oil and Gas
~$3-6M in recovery/downtime. Website offline ~1 day; ~1,000+ gas stations couldn’t process electronic payments, causing chaos (cash-only fallback). No fuel shortages or production halts; OT isolated.
Suspected via spear-phishing or infected USB (unconfirmed); attackers spent weeks probing, escalating privileges to domain admin level before deployment.
Weak Credentials
Network Cloaking, Passwordless Access, and Segmentation
CPC Corp., Taiwan’s state-owned oil and gas company, suffered a ransomware attack, attributed to a China-linked hacking collective, that disrupted operations.
Attackers likely infiltrate via phishing, unpatched vulnerabilities, or supply-chain compromise (e.g., infected USB or third-party software). Data exfiltration occurs quietly before encryption activates. Ransomware encrypts servers and endpoints around midday; CPC’s website crashes, and gas stations nationwide fail to process VIP cards or mobile payments. CPC initially calls it a “system crash” but confirms malware by evening.
For oil and gas operations, this attack underscores the need for continuous, universal OT segmentation.
BlastWave achieves this by segmenting all segments, ensuring that ransomware cannot propagate from a single compromised workstation or server to critical control systems, thereby maintaining operational flow and preventing business-crippling operational disruptions caused by these generalized ransomware campaigns.
Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.
BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.