PSI Software, a vendor of essential infrastructure systems, targeted by hackers using ransomware.
PSI Software, a German critical infrastructure software and logistics platforms vendor, is currently operating at diminished capacity due to a ransomware attack detected on Thursday. The latest confirmed information indicates that the company was targeted by a ransomware attack involving the BlackCat ransomware variant, also known as ALPHV or Noberus.
The BlackCat ransomware has been observed to incorporate advanced tools such as Impacket and RemCom to facilitate lateral movement and remote code execution within targeted environments. According to Microsoft's threat intelligence, the BlackCat variant used against PSI Software has been in active use by affiliated threat actors since at least July 2023.
Regarding the suspected attacker, the ransomware is associated with the BlackCat group or its affiliates, known for continuously evolving their malware for enhanced stealth and encryption capabilities. However, there is no publicly detailed attribution to a nation-state or a specific hacking collective beyond BlackCat affiliates at this time.
The ransomware attack affected PSI's internal IT infrastructure, prompting the company to shut down all external connections and systems in response. As of Monday, the remainder of PSI's website is offline. Email correspondence remains offline at PSI, and the company is currently analyzing the exact vector of the attack.
PSI operates a subsidiary in the U.S. and purchases products from large U.S.-based enterprise vendors including IBM, Microsoft, Oracle, and SAP. The company has contacted German authorities and outside experts based on their recommendations. It is not clear from the available sources whether PSI has reported the ransomware attack to law enforcement or cybersecurity authorities.
There is concern about threat actors gaining footholds in IT environments of critical infrastructure companies. State-sponsored threat actors have embedded themselves inside critical infrastructure systems spanning transportation, energy, communications, and water. Federal cyber officials issued multiple warnings this month about China state-linked actors prepositioning for potential future disruptions.
No publicly available recent updates address PSI Software's operational recovery or incident response status as of August 2025. PSI provides control systems for energy control, operational management, network utilization, pipeline management, and leak detection. The company's current capacity to deliver these services remains uncertain, and it is hoped that the incident will not lead to lasting disruptions.
- The ransomware attack on PSI Software, a critical infrastructure software vendor, has raised concern about threat actors targeting such companies, since advanced variants such as the BlackCat variant used against PSI have been observed to incorporate tools for enhanced stealth and remote code execution.
- The BlackCat ransomware incident at PSI Software has been traced back to at least July 2023, according to Microsoft's threat intelligence, and the attack has affected the company's internal IT infrastructure, causing systems to be shut down and the remainder of the company's website to go offline as of Monday.
- Despite having contacted German authorities and outside experts, it is not clear if PSI Software has reported the ransomware attack to law enforcement or cybersecurity authorities, adding to the worry about the lack of transparency surrounding cybersecurity incidents, especially in the context of critical infrastructure.