Paints manufacturer AkzoNobel targeted by Anubis ransomware operators

Dutch paint and coatings manufacturer AkzoNobel said cyber criminals targeted one of its sites in the United States after Anubis ransomware operators claimed it stole 170 GB of data from the company’s systems.

 

Earlier this month, the Anubis ransomware group, known for running a ransomware-as-a-service operation and carrying out double extortion attacks on victims worldwide, claimed that it targeted global paint and coatings manufacturer AkzoNobel and stole 170 GB worth of company documents and client data.

 

The group claimed that it had over 170,000 data files in its possession, including AkzoNobel’s confidential agreements with major clients, technical specifications of the company’s products, material testing documents, email conversations as well as personal information like email addresses, phone numbers and passport documents.

 

To prove the authenticity of its claims, Anubis leaked a sample of the stolen data on its dark web page. AkzoNobel, founded in 1792 and which operates in over 150 countries today through brands like Dulux, Sikkens and Interpon, did not mention suffering a cyber security incident on its website but confirmed that one of its U.S.-based sites had been targeted.

 

"AkzoNobel has identified a security incident at one of our sites in the United States. The incident was limited to the respective site and was already contained," the paints manufacturer told BleepingComputer. "The impact is limited, and we are taking the appropriate steps to notify and support impacted parties and will work closely with relevant authorities." 

 

AkzoNobel runs more than thirty manufacturing and technology research sites in the United States and employs more than 3,200 people in the country. Its most popular site is a 11-acre aerospace hub in Waukegan, Illinois, that specialises in coatings, primers, and sealants.  

 

The company did not state whether it had identified the criminal group that perpetrated the attack or whether it had received a ransom note following the attack on its U.S. website. 

 

The company has over 32,000 people running its global operations and generates over $12 billion in annual revenue, which makes it a prime target for opportunistic cybercriminal groups. Anubis, operating since December 2024, has developed a robust ransomware ecosystem where affiliates take home 80% of ransom earnings. 

 

The ransomware group has leaked a small portion of the stolen data on its leaks site possibly to pile more pressure on the company to pay a ransom. It is not known yet if a ransom was eventually paid or if negotiations are in progress.