Knauf

The Knauf Group was targeted in a ransomware attack by the Black Basta ransomware group at the end of June.

The group disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.

Black Basta took responsibility for the attack via an announcement on their extortion site, listing Knauf as a victim.

The ransomware gang published 20% of the files containing mail communication, user credentials, employee contact information, production documents, and ID scans that they allegedly exfiltrated during the attack on Knauf.

The Knauf Group apologized for any inconvenience or delays in the delivery processes, that may occur due to the attack while they were trying to resolve the issue.

Source: https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/

TPRM report: https://scoringcyber.rankiteo.com/company/knauf

"id": "kna05626722",
"linkid": "knauf",
"type": "Ransomware",
"date": "06/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Building Materials',
                        'name': 'Knauf Group',
                        'type': 'Company'}],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['mail communication',
                                              'user credentials',
                                              'employee contact information',
                                              'production documents',
                                              'ID scans']},
 'date_detected': 'End of June',
 'description': 'The Knauf Group was targeted in a ransomware attack by the '
                'Black Basta ransomware group at the end of June. The group '
                'disrupted its business operations, forcing its global IT team '
                'to shut down all IT systems to isolate the incident. Black '
                'Basta took responsibility for the attack via an announcement '
                'on their extortion site, listing Knauf as a victim. The '
                'ransomware gang published 20% of the files containing mail '
                'communication, user credentials, employee contact '
                'information, production documents, and ID scans that they '
                'allegedly exfiltrated during the attack on Knauf. The Knauf '
                'Group apologized for any inconvenience or delays in the '
                'delivery processes that may occur due to the attack while '
                'they were trying to resolve the issue.',
 'impact': {'data_compromised': ['mail communication',
                                 'user credentials',
                                 'employee contact information',
                                 'production documents',
                                 'ID scans'],
            'downtime': True,
            'identity_theft_risk': True,
            'operational_impact': True},
 'motivation': 'Financial Gain',
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Black Basta'},
 'response': {'communication_strategy': ['apologized for any inconvenience or '
                                         'delays in the delivery processes'],
              'containment_measures': ['shut down all IT systems to isolate '
                                       'the incident']},
 'threat_actor': 'Black Basta',
 'title': 'Ransomware Attack on Knauf Group',
 'type': 'Ransomware'}