Steelcase furniture giant down for 2 weeks after ransomware attack
Office furniture giant Steelcase said no information was stolen during a Ryuk ransomware attack that forced them to cease operating worldwide for about two weeks.
Steelcase is the world’s largest maker of office furniture with nearly 13,000 employees, a network of 800 dealers and sales of $ 3.7 billion in 2020.
Two weeks of downtime
On October 27, Steelcase announced in a filing with the Securities and Exchange Commission (SEC) that its network had been subjected to a cyber attack on October 22. The attack required the shutdown of all affected systems and related processes.
“All production has been suspended since October 22nd as we rely on the ‘network’ to run, scan and transfer products in the factories,” a Steelcase representative told BleepingComputer on the same day. “We just received an update that there will be no production work for the rest of this week.”
Today the company announced on a new 8-K form filed with the SEC that the incident resulted in a two-week business interruption.
“The company quickly implemented a number of containment and remediation measures to address the situation, conduct a forensic investigation, and improve the security of its systems,” said Steelcase.
“These measures included the company shutting down most of its global order management, manufacturing and distribution systems and operations for approximately two weeks.”
Today’s filing confirms that the company’s operations were indeed affected by the ransomware attack, which we didn’t know after BleepingComputer’s inquiries for more details went unanswered.
A week after the attack, on October 29th, the same Steelcase employee said the company’s systems were still down. The company told employees that they could “apply for unemployment instead of using it” [their] Missed vacation time for hours. “
No data stolen from compromised systems
Steelcase announced today that it has resumed normal operations and is working to return to normal order lead times by shipping all orders delayed by the shutdown.
The office furniture maker anticipates that some deliveries in the third quarter will be delayed to the fourth quarter “due to the timing of the business interruption, which lasted until early November.”
Steelcase incurred additional costs from system fixes, restores, and fortifications, as well as operational inefficiencies after the attack.
Steelcase also said that no sensitive customer or employee data was collected or stolen from any of the systems affected by the ransomware attack.
“The company has essentially completed its forensic investigation and found no evidence that any exfiltration of sensitive business data, including intellectual property or customer, supplier or employee data, occurred as a result of this event,” the furniture maker said.
While the company refused to acknowledge that this was a ransomware attack in the first SEC filing and the one filed today, BleepingComputer had information from a cybersecurity industry source that the Ryuk ransomware gang was responsible for the attack on their systems.
Ryuk ransom note
While there is no information on how Ryuk infiltrated Steelcase’s network based on previous attacks against Sopra Steria and Universal Health Services, they most likely used the access provided by BazarLoader or TrickBot to serve ransomware payloads on the network.
As soon as they have received network access and administrator credentials, the Ryuk actors provide the user data manually on network devices after a reconnaissance phase using PSExec or PowerShell Empire.