Steelcase Furniture Giant Down For 2 Weeks After Ransomware Attack

Office furniture giant Steelcase says that no information was stolen during a Ryuk ransomware attack that forced them to shut down global operations for roughly two weeks.

Steelcase is the world’s largest office furniture manufacturer, with almost 13,000 employees, a network of 800 dealers, and $3.7 billion in revenue in 2020.

Two weeks of downtime

On October 27, Steelcase announced in a filing with the Securities and Exchange Commission (SEC) that its network was hit by a cyberattack on October 22. The attack required the shutdown of all impacted systems and related operations.

“All production has been halted since Oct. 22nd as we depend on the ‘network’ for running, scanning and transferring product in the plants,” a Steelcase employee told BleepingComputer the same day. “We just were sent an update that no production work will be done the rest of this week.”

Today, the company said in a new 8-K form filed with the SEC that the incident led to a two-week operational shutdown.

Also Read: How Singapore Cybersecurity Masterplan 2020 Is Formidable

“The Company quickly implemented a series of containment and remediation measures to address the situation, conduct a forensics investigation and reinforce the security of its systems,” Steelcase said.

“Those measures included the Company shutting down most of its global order management, manufacturing and distribution systems and operations for approximately two weeks.”

Today’s filing confirms that the company’s business operations were indeed affected by the ransomware attack, something we didn’t know after BleepingComputer’s requests for more details went unanswered.

One week after the attack, on October 29, the same Steelcase employee said that the company’s systems were still down, with the company notifying employees that they “could apply for unemployment instead of using [their] vacation time for hours missed.”

No data stolen from compromised systems

Steelcase said today that it has now resumed normal operations and is working on getting back to normal order lead times by shipping all orders delayed by the shutdown.

The office furniture manufacturer expects some third-quarter shipments to be delayed to the fourth quarter “due to the timing of the operational shutdown, which spanned into early November.”

Steelcase incurred additional costs due to system remediation, restoration, and reinforcement, as well as operational inefficiencies after the attack.

Steelcase also said that no sensitive customer or employee data was collected and stolen from any of the systems affected in the ransomware attack.

“The Company has substantially completed its forensic investigation and has found no evidence that any exfiltration of sensitive business data, including intellectual property or customer, supplier or employee data, occurred as a result of this event,” the furniture manufacturer said.

While the company refused to acknowledge that this was a ransomware attack in the initial SEC filing and the one filed today, BleepingComputer had information from a source in the cybersecurity industry that the Ryuk ransomware gang was the one responsible for the attack on their systems.

Even though there is no info on how Ryuk infiltrated Steelcase’s network, based on previous attacks against Sopra Steria and Universal Health Services, they most likely used access provided by BazarLoader or TrickBot to deploy ransomware payloads on the network.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Once they gain network access and admin credentials, the Ryuk actors manually deploy the payloads on network devices using PSExec or PowerShell Empire following a reconnaissance stage.