The big-time building materials manufacturer Knauf has been hit by a cyberattack courtesy of the Black Basta ransomware group. Based on reports, the cyberattack has hindered the company’s business operation, shutting down its Information Technology (IT) systems to isolate the incident and mitigate further damage.
The malicious activity occurred in the latter days of June. The Knauf group immediately deployed a forensic investigation, response, and remediation to address the current breach of the Black Basta group.
According to a spokesperson, their company is working heavily to mitigate the attack’s damage to their partners and customers. They are also planning a scheme to recover from the attack safely. They also apologised to their customers for the inconvenience since there were delays in their delivery processes.
The company responded to a forum, revealing that its systems were taken down as part of the immediate response to the cyberattack. However, Knauf’s company phones and MS teams were still working for communications during the attack.
Germany’s Knauf group is one of the world’s biggest construction materials manufacturers.
The Knauf group is in Germany, a multinational building and construction materials producer employed by more than 80% of the world’s market.
The firm runs nearly 150 production sites globally and owns the US-based Knauf Insulation and USG Corporation. It is also noteworthy that Knauf Insulation has also published a threat advisory regarding the cyberattack against its site. Therefore, that sector of the company is also affected.
Unfortunately, the company does not disclose the type of cyberattack they received from the malicious group. Some experts believe it is ransomware since the campaign has an extended duration, impact, and complicated encryption that the company’s IT team had difficulty decrypting.
Black Basta claimed that the attack against Knauf was purely a ransomware campaign after they posted the list of its victims on their extortion site last July 16. The ransomware group has revealed roughly 20% of the files they allegedly stole during their attack, and there are over 350 visitors that accessed the company’s site.