View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 20, 2022updated 05 Aug 2022 11:35am

Black Basta ransomware gang claims responsibility for Knauf cyberattack

The building supplies company has been operating a reduced service for three weeks since the breach.

By Claudia Glover

Global building supply manufacturer Knauf is still battling the fallout from a cyberattack it suffered three weeks ago, it has been revealed. To isolate the attack, Knauf’s IT team shut down all operations across its business, some of which are still down with temporary workarounds in place. Ransomware gang Black Basta has claimed responsibility for the attack, and has leaked information purporting to be from the company on the darkweb.

Building services company Knauf has suffered a cyberattack (Pic: JARAMA/iStock)

Based in Germany, the Knauf Group employs over 30,000 people globally and says it has an 81% of the worldwide wallboard market. It supplies materials to UK customers, and has two factories in Britain, in Kent and Lincolnshire.

How the Knauf cyberattack unfolded

The cyberattack on Knauf took place on June 29 and, according to a statement recently posted on the building company’s website, it is still working to become fully operational again 

“We are currently working heavily to mitigate the impact to our customers and partners – as well as to plan a safe recovery. However, we apologize for any inconvenience or delays in our delivery processes that may occur,” the statement says. Temporary workarounds for customers are being released onto the company’s cyber attack updates page.

Has Knauf been the victim of a ransomware attack?

Though the company has not been specific about the type of cyberattack it is currently handling, ransomware gang Black Basta has taken responsibility, and posted Knauf’s details to its ransomware blog along what it says is 20% of the files lifted from the company.

The low percentage of files posted on the dark web hints that the ransom negotiations could be ongoing. The documents uploaded appear to be examples of health insurance information, as well as user credentials, employee contact information, product documents and ID scans.

Pictures of Black Basta’s dark web blog displaying Kauf’s information have been posted on Twitter.

Black Basta continues its rise to prominence

Black Basta is a ransomware group thought to be based in Russia, that operates mainly using double extortion tactics. This means it lifts the data of victim companies before encrypting it, leaving the companies to pay for both the decryption key and to prevent sensitive information from being released online.

It was first spotted in action in February, and since then has hit almost 50 victims across the manufacturing, construction, transportation, telecom, pharmaceutical, plumbing, and heating sectors. It has been closely linked to prolific ransomware gang Conti, which shut down its operations earlier this year.

In April, Black Basta posted its intentions to buy and monetise corporate network access for a share in the profits. The post, written in Russian, specified that it was looking for organizations based in the United States, Canada, United Kingdom, Australia, and New Zealand, according to a report from security company CyberReason.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Read more: How AI will extend the scale and sophistication of cybercrime

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.