Building Materials Manufacturer Knauf Became a Victim of Black Basta Ransomware

The international company Knauf Group, engaged in the production of various materials for construction work, suffered from the attack of the Black Basta ransomware.

The incident impacted the company’s business operations, forcing Knauf’s global IT team to shut down all IT systems to contain the spread of the threat.

Let me remind you that we also reported that North Korean Ransomware Maui Attacks Healthcare Companies, and also that The number of ransomware DDoS attacks has dropped significantly.

According to the manufacturer’s official statement, the attack occurred on the night of June 29, 2022, and at the moment, Knauf specialists are still analysing the incident and eliminating the consequences of the incident.

We are currently actively working to mitigate the impact [of the incident] for our customers and partners, and plan for a safe recovery. Be that as it may, we apologize for any inconvenience and delays in our shipping processes that may occur.the company representatives write.

According to Bleeping Computer, the hacker group Black Basta has already claimed responsibility for this attack. So, an announcement appeared on the group’s website, which says that Knauf was hacked on July 16, 2022.

Knauf and Black Basta

The extortionists claim to have stolen data from the company, and to prove their words, they have already published 20% of the allegedly stolen files. Journalists who examined the dump say it contains emails, user credentials, employee contact information, production documents, and ID scans.

Knauf and Black Basta

The fact that the hackers have not yet published all the files indicates that the attackers still have hope for a successful outcome of the negotiations and obtaining a ransom.

Reference: The Black Basta ransomware group began its RaaS activity in April 2022 and quickly gained notoriety, claiming a number of major victims, including, for example, the American Dental Association.

Information security experts believe that Black Basta is a rebranding of the well-known hack group Conti, as this is indicated by the similarities in the techniques used and the styles of negotiation.

In the summer of 2022, Black Basta established cooperation with Qbot operators (QuakBot), and now distributes its payloads through this malware. Also, the authors of Black Basta have already created a version of their malware for Linux, aimed at VMware ESXi virtual machines running on Linux servers.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button