Construction Company Knauf Hit with Ransomware Attack

Colin Thierry Colin Thierry
Published on: July 22, 2022
Construction Company Knauf Hit with Ransomware Attack

Knauf Gips KG, one of the world’s largest producers of building materials and systems, issued an announcement to customers and partners this week after falling victim to a ransomware attack.

Knauf is a family-owned company based in Iphofen, Germany, which produces building materials and construction systems. Its services include drywall construction, plasterboard, cement boards, mineral fiber acoustic boards, dry mortars and insulating materials. Knauf has over 150 production sites worldwide, making it one of the largest companies in the construction industry.

This week, the company also began greeting visitors to its website with an ‘IMPORTANT MESSAGE’ in the middle of the home page.

“Unfortunately, the systems of Knauf Group have been the target of a cyber-attack on the night to Wednesday, June 29,” Knauf said in the notice.

“Our cyber security system responded immediately, and the global IT team managed to isolate the incident. The protective decision was made to shut down services, while further forensics are in progress,” the company added.

Knauf is still currently at work trying to contain the incident and restore its systems.

“We are currently working heavily to mitigate the impact to our customers and partners – as well as to plan a safe recovery,” the construction company said. “However, we apologize for any inconvenience or delays in our delivery processes, that may occur.”

“We would like to thank you for your understanding and trust,”Knauf added. “Please rest assured that we will inform you about our progress, and as soon as we are ‘back to business as usual.’”

According to media reports, the Black Basta ransomware group has claimed responsibility for the attack with an announcement on its extortion site listing Knauf as a victim as of last week. The gang had already published around a fifth of the files they allegedly stole from Knauf.

The stolen dataset reportedly included email communication, user credentials, employee contact information, production documents, and ID scans.

About the Author

Colin Thierry
Colin Thierry
Cybersecurity researcher and journalist
Published on: July 22, 2022

About the Author

Colin Thierry is a cybersecurity researcher and journalist who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.