Knauf hacked by Black Basta ransomware gang

The building materials giant Knauf Group has reported it has been the victim of a hacker attack that has impacted its business operations, forcing its global IT team to shut down all IT networks to isolate the cyber security incident.

The cyberattack took place on the night of June 29, and at the time of writing this, Knauf is still in the process of forensic investigation, incident response, and remediation.

The announcement published on Knauf’s main page says:

We are currently working heavily to mitigate the impact to our customers and partners – as well as to plan a safe recovery. However, we apologize for any inconvenience or delays in our delivery processes, that may occur.

While Knauf’s announcements doesn't explain the type of hacker attack they suffered, the extended duration, impact, and difficulty in restoring the IT networks point to a ransomware incident.

Indeed, the ransomware gang known as Black Basta has taken responsibility for the attack via an announcement on their extortion website, listing Knauf as a victim on July 16:

Black Basta has published 20% of the files they allegedly exfiltrated during the cyberattack on Knauf, which over 350 visitors have accessed.

A new ransomware group Black Basta is reportedly linked to the notorious Conti ransomware operation.