Steelcase Furniture Giant Hit by Ryuk Ransomware Attack


Level 15
Content Creator
Sep 1, 2017
MT friends! Today, I have learned that one of the world's largest furniture manufacturing companies was recently infected with Ryuk ransomware. Please read below and at the end my thoughts on the situation.

As noted from the Bleeping Computer New Article by Lawrence Abrams:

Office furniture giant Steelcase has suffered a ransomware attack that forced them to shut down their network to contain the attack's spread.

Steelcase is the largest office furniture manufacturer globally, with 13,000 employees and $3.7 billion in 2020.

Steelcase suffers a Ryuk ransomware attack​

In an 8-K form filed with the Securities and Exchange Commission (SEC), Steelcase has disclosed that they were the victim of a cyberattack on October 22nd, 2020.

On October 22, 2020, Steelcase Inc. (the “Company”) detected a cyberattack on its information technology systems. The Company promptly implemented a series of containment measures to address this situation including temporarily shutting down the affected systems and related operations.
The Company is actively engaged in restoring the affected systems and returning to normal levels of operations. At this time, the Company is not aware of any data loss from its systems or any other loss of assets as a result of this attack. Although cyberattacks can be unpredictable, the Company does not currently expect this incident will have a material impact on its business operations or its financial results.

BleepingComputer has been actively tracking this attack after a source in the cybersecurity industry told us last week that Steelcase suffered a Ryuk ransomware attack.

We were told that Steelcase's devices were encrypted by Ryuk after first being targeted by the same group behind the recent attack on Sopra Steria and Universal Health Services.

If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.

Those attacks utilized either the BazarLoader or TrickBot infections, which ultimately provide remote access to the Ryuk Ransomware threat actors, who then compromise the rest of the network and deploy Ryuk.

BazarBackdoor attack flow

BazarBackdoor attack flow
Source: Advanced Intel

It is unknown how many devices were encrypted or if business operations were impacted other than the shutting down of the network.

BleepingComputer has contacted Steelcase with further questions but has not heard back.

You can read this article at Bleeping Computer using the below link:

Steelcase furniture giant hit by Ryuk ransomware attack

Companies in my humble opinion need to be prepared for security situations. It is not a matter of 'if', but a matter of 'when' something like this happens to any given company.

I feel bad for Steelcase, Steelcase partners, Steelcase dealerships, and Steelcase customers. This situation goes from bad to worse in a heartbeat. I hope that Steelcase will recover from this attack and come out on the other side helping to teach the world about what they learned along with findings. I hope that Steelcase has an iron-clad insurance policy that will help them in overcoming the tremendous cost of downtime that their systems have been under. Can you imagine if all corporate systems were for a large part inaccessible for this large of a company? I would imagine the cost would be in the millions for damages alone that could be measured. We aren't even talking about the possible damages to reputation etc. that may cause brand trust issues or for potential future loss in business as it relates to what has happened.

Earlier today I was thinking to myself: What if consumers were expecting their product at a certain time and now everything is delayed? Most contracts have terms for failure to deliver and for that alone I bet will cost a ton of money.

What are your thoughts?



Level 74
Content Creator
Malware Hunter
Aug 17, 2014
Today, the company said in a new 8-K form filed with the SEC that the incident led to a two-week operational shutdown.
"The Company quickly implemented a series of containment and remediation measures to address the situation, conduct a forensics investigation and reinforce the security of its systems," Steelcase said.
"Those measures included the Company shutting down most of its global order management, manufacturing and distribution systems and operations for approximately two weeks."
Steelcase said today that it has now resumed normal operations and is working on getting back to normal order lead times by shipping all orders delayed by the shutdown.
The office furniture manufacturer expects some third-quarter shipments to be delayed to the fourth quarter "due to the timing of the operational shutdown, which spanned into early November."