The Knauf Group felt prey to a cyberattack in the month of June. The German based multinational building and construction materials group announced that this attack disrupted their business operations. It also forced them to shut down all IT systems to isolate the incident. The attack happened on the night of June 29.
The group is still undergoing forensic investigation, incident response and remediation. Knauf posted an announcement on their official page. They mentioned in the announcement that they are working heavily to mitigate the impact to their customers and partners. They are planning a safe recovery and apologized for the inconvenience and delays being caused in their delivery process.
Emails by BleepingComputer warned that email systems were shut down as a response to the attack. However, mobile phones and Microsoft Teams were still working on communication.
Knauf holds approximately 81 % of the world’s wallboard market. They operate 150 production sites around the world and owns U.S based Knauf Insulation and USG Corporation.
Although Knauf didn’t mention about the type of cyberattack that they suffered nor the extended duration, impact or difficulty being faced to restore, the ransomware gang Black Basta took responsibility for the attack. They announced on their extortion site by listing Knauf as a victim on July 16, 2022.
Black Basta published 20 % of the files that they exfiltrated. Since they didn’t publish all the files, it can be assumed that the ransomware gang might be expecting a successful negotiation outcome and ransom payment.
