MT friends! Today, I have learned that one of the world's largest furniture manufacturing companies was recently infected with Ryuk ransomware. Please read below and at the end my thoughts on the situation.
As noted from the Bleeping Computer New Article by Lawrence Abrams:
Office furniture giant Steelcase has suffered a ransomware attack that forced them to shut down their network to contain the attack's spread.
Steelcase is the largest office furniture manufacturer globally, with 13,000 employees and $3.7 billion in 2020.
On October 22, 2020, Steelcase Inc. (the “Company”) detected a cyberattack on its information technology systems. The Company promptly implemented a series of containment measures to address this situation including temporarily shutting down the affected systems and related operations.
The Company is actively engaged in restoring the affected systems and returning to normal levels of operations. At this time, the Company is not aware of any data loss from its systems or any other loss of assets as a result of this attack. Although cyberattacks can be unpredictable, the Company does not currently expect this incident will have a material impact on its business operations or its financial results.
BleepingComputer has been actively tracking this attack after a source in the cybersecurity industry told us last week that Steelcase suffered a Ryuk ransomware attack.
We were told that Steelcase's devices were encrypted by Ryuk after first being targeted by the same group behind the recent attack on Sopra Steria and Universal Health Services.
If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.
Those attacks utilized either the BazarLoader or TrickBot infections, which ultimately provide remote access to the Ryuk Ransomware threat actors, who then compromise the rest of the network and deploy Ryuk.
BazarBackdoor attack flow
Source: Advanced Intel
It is unknown how many devices were encrypted or if business operations were impacted other than the shutting down of the network.
BleepingComputer has contacted Steelcase with further questions but has not heard back.
You can read this article at Bleeping Computer using the below link:
Steelcase furniture giant hit by Ryuk ransomware attack
Companies in my humble opinion need to be prepared for security situations. It is not a matter of 'if', but a matter of 'when' something like this happens to any given company.
I feel bad for Steelcase, Steelcase partners, Steelcase dealerships, and Steelcase customers. This situation goes from bad to worse in a heartbeat. I hope that Steelcase will recover from this attack and come out on the other side helping to teach the world about what they learned along with findings. I hope that Steelcase has an iron-clad insurance policy that will help them in overcoming the tremendous cost of downtime that their systems have been under. Can you imagine if all corporate systems were for a large part inaccessible for this large of a company? I would imagine the cost would be in the millions for damages alone that could be measured. We aren't even talking about the possible damages to reputation etc. that may cause brand trust issues or for potential future loss in business as it relates to what has happened.
Earlier today I was thinking to myself: What if consumers were expecting their product at a certain time and now everything is delayed? Most contracts have terms for failure to deliver and for that alone I bet will cost a ton of money.
What are your thoughts?
~Brian
As noted from the Bleeping Computer New Article by Lawrence Abrams:
Office furniture giant Steelcase has suffered a ransomware attack that forced them to shut down their network to contain the attack's spread.
Steelcase is the largest office furniture manufacturer globally, with 13,000 employees and $3.7 billion in 2020.
Steelcase suffers a Ryuk ransomware attack
In an 8-K form filed with the Securities and Exchange Commission (SEC), Steelcase has disclosed that they were the victim of a cyberattack on October 22nd, 2020.On October 22, 2020, Steelcase Inc. (the “Company”) detected a cyberattack on its information technology systems. The Company promptly implemented a series of containment measures to address this situation including temporarily shutting down the affected systems and related operations.
The Company is actively engaged in restoring the affected systems and returning to normal levels of operations. At this time, the Company is not aware of any data loss from its systems or any other loss of assets as a result of this attack. Although cyberattacks can be unpredictable, the Company does not currently expect this incident will have a material impact on its business operations or its financial results.
BleepingComputer has been actively tracking this attack after a source in the cybersecurity industry told us last week that Steelcase suffered a Ryuk ransomware attack.
We were told that Steelcase's devices were encrypted by Ryuk after first being targeted by the same group behind the recent attack on Sopra Steria and Universal Health Services.
If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.
Those attacks utilized either the BazarLoader or TrickBot infections, which ultimately provide remote access to the Ryuk Ransomware threat actors, who then compromise the rest of the network and deploy Ryuk.
BazarBackdoor attack flow
Source: Advanced Intel
It is unknown how many devices were encrypted or if business operations were impacted other than the shutting down of the network.
BleepingComputer has contacted Steelcase with further questions but has not heard back.
You can read this article at Bleeping Computer using the below link:
Steelcase furniture giant hit by Ryuk ransomware attack
Companies in my humble opinion need to be prepared for security situations. It is not a matter of 'if', but a matter of 'when' something like this happens to any given company.
I feel bad for Steelcase, Steelcase partners, Steelcase dealerships, and Steelcase customers. This situation goes from bad to worse in a heartbeat. I hope that Steelcase will recover from this attack and come out on the other side helping to teach the world about what they learned along with findings. I hope that Steelcase has an iron-clad insurance policy that will help them in overcoming the tremendous cost of downtime that their systems have been under. Can you imagine if all corporate systems were for a large part inaccessible for this large of a company? I would imagine the cost would be in the millions for damages alone that could be measured. We aren't even talking about the possible damages to reputation etc. that may cause brand trust issues or for potential future loss in business as it relates to what has happened.
Earlier today I was thinking to myself: What if consumers were expecting their product at a certain time and now everything is delayed? Most contracts have terms for failure to deliver and for that alone I bet will cost a ton of money.
What are your thoughts?
~Brian
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
