Recycling giant TOMRA pulls systems offline following 'extensive cyberattack'

Says baddies launched attack at weekend, isolates parts of tech infrastructure to contain spread

Norwegian mining and recycling giant TOMRA says it has isolated tech systems as it deals with an "extensive cyberattack."

TOMRA has multiple divisions that focus on areas including waste and recycling solutions, metal sorting systems, mining machine systems and food sorting equipment. It turned over $1.2 billion in calendar 2022.

The attack began at the weekend on July 16, the company told the Oslo Stock Exchange yesterday. In an update today it said:

To contain the attack, we immediately disconnected selected services and have since disconnected others. A team of internal and external resources is working around the clock to resolve the situation, and affected systems will remain offline until it is safe to open them. No new hostile activities have been detected.

At a group level, internal IT services and some back office applications are still offline affecting supply chain management, and major office locations are offline and staff asked to work remotely.

The majority of reverse vending machines in operation continue to work offline, though some are no longer working, and some in Australia and North America remain online and "fully connected."

The Recycling and Foods divisions are "operating as usual" although some functionality is limited due to digital services being offline.

"Our primary aim is to continue to deliver our services to customers, reducing the impact this attack has on them. The attack currently has limited impact on TOMRA's customer operations. Most of TOMRA's digital services are designed to operate offline for a certain amount of time but may have reduced functionality in the interim," the company said.

"A team is working to establish temporary solutions for all digital systems to support keeping costumer solutions operational over time," it added.

We have asked the company how the criminals gained entry; the type of assault they perpetrated; and if any ransom has been demanded. As yet, no criminal crew has claimed responsibility for the attack.

Any disruption to companies playing a part in a nation's critical infrastructure continues to be a priority for cyber baddies, said Simon Chassar, chief revenue officer at Claroty.

"By affecting the up time of systems and services of a company like TOMRA, which operates across multiple industries, attackers can inflict significant financial and social damage on the business itself as well as global supply chains which will force them to act fast in paying any ransoms to re-start operations."

He said more than a third of food and beverage companies anticipate that the revenue impact of operational disruption would be "at least $1m per hour."

"As more cyber-physical systems, such as ICS and IoTs, are connected to networks, the risk will only increase as businesses expose themselves to new cyber threats and vulnerabilities as part of digital transformation evolution," he added.

Just last month, Oreo maker Modelez International confirmed 51,000 former and current staff had their personal data stolen, and Dole's food production plants in North America were temporarily shut down in February, reportedly due to ransomware. ®

More about

More about

More about


Send us news

Other stories you might like