The Knauf Group has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident. Knauf Gips KG is a multinational, family-owned company based in Iphofen, Germany.
The incident took place towards the end of July 2022 and the full impact has recently come to light. In a statement, the company writes: “We are currently working heavily to mitigate the impact to our customers and partners – as well as to plan a safe recovery. However, we apologize for any inconvenience or delays in our delivery processes that may occur.”
Looking into the cyber-incident for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.
Chenette begins by looking at the mode of the attack and the ramifications: “Ransomware attacks often have collateral damage and impact beyond the ransom. The incident not only impacts Knauf Group itself but also its customers.”
While “the company is still currently investigating the attack”, Chenette notes that the perpetrators are known: “The threat group that has claimed responsibility for this attack, Black Basta, which is a rebrand of the Conti ransomware group, has leaked 20 percent of the files they have stolen.”
Black Basta is a relatively new family of ransomware, first discovered in April 2022.
In relation to the current incident, Chenette warns: “If personally identifiable information is included in these leaked files, it can be bought and sold for top dollar on the dark web, further exposing victims to future fraud or phishing attacks.”
Chenette says that the choice facing the company is serious: “As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom – it is likely that the organization will suffer reputational damage and loss of data and business.”
This means better measures need to be taken, as Chenette outlines: “Because of this, it’s important for organizations to defend against ransomware by understanding the common tactics, techniques, and procedures used by the adversary.”
What form should these measures take? Chenette advises: “In doing so, companies can build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors.”
In other recommendations, Chenette advises: “Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim. This approach should be tailored to focus on the adversaries most likely to impact their operations to maximize their ability to protect sensitive information.”
