July 25, 2022  — 
Eric Swotinsky

Building materials firm Knauf hit by Black Basta ransomware

The Knauf Group, a German-based multinational producer of construction materials, has announced that it's been the target of a cyberattack. The incident took place on the night of June 29, forcing its global IT team to shut down email systems, although communications were still possible via mobile devices and Microsoft Teams.

Knauf is still in the process of forensic investigation, incident response and remediation. The firm is an undeniably high-value target for cybercriminals, with more than 35,000 employees worldwide and an annual revenue of over $11 billion. Knauf operates 150 production sites in several countries, and owns U.S.-based USG Corporation and Knauf Insulation (which has been impacted as well).

The Black Basta ransomware group has taken responsibility for the attack via an announcement on their extortion site, listing Knauf as a victim on July 16, 2022. The cybercrime gang has already published 20% of the stolen files, including samples of email communication, user credentials, employee contact information, production documents and ID scans.

The Active Protection in Acronis Cyber Protect Cloud detects and blocks ransomware threats like Black Basta based on the malicious behaviors that they exhibit, while the Advanced Email Security pack keeps dangerous payloads out of your users' inboxes.