Steelcase furniture is the largest office furniture manufacturer with approximately 13,000 employees and $3.7 billion in sales annually. In a release by Steelcase, the company stated that on October 22nd they detected a cyberattack which caused the company to shut down their network to contain the attack’s spread. BleepingComputer is actively tracking the attack after a source told them that Ryuk was the ransomware used. BleepingComputer was also told that the group behind the attack on Steelcase is the same one that targeted Sopra Steria and Universal Health Services. Those attacks utilized either BazarLoader or TrickBot infections, which ultimately allow remote access to the Ryuk Ransomware threat actors via Cobalt Strike Beacon. As of now it is unknown how many devices were encrypted or if operations were impacted, other than shutting down their network.
Analyst Notes
Ryuk ransomware is commonly spread through very targeted means such as spear phishing and exploitation of compromised credentials to allow remote access. For organizations it is advisable to deploy Endpoint Detection and Response software with anti-ransomware features that can detect ransomware behaviors. Since spear phishing is a component, people should educate themselves on how to detect and defend from these emails. The teams at Binary Defense stand ready to assist our partners by monitoring their systems for malicious programs and defending against determined adversaries.
Source Article: https://www.bleepingcomputer.com/news/security/steelcase-furniture-giant-hit-by-ryuk-ransomware-attack/
