Hafele suffers ransomware attack

Furniture fittings manufacturer Hafele has experienced a ransomware attack. Lockbit orchestrated the ransomware attack on Hafele’s Internet facing infrastructure. Lockbit and Hafele have confirmed the attack. We look at the details of this ransomware attack below.

Key points about the ransomware attack on Hafele

• Hafele suffered a ransomware attack on 2nd February 2023. The attack caused a severe impact on Hafele’s website and customer service delivery.

• The attack was carried out by the ransomware operator Lockbit. It confirmed the attack yesterday i.e. on 28th February 2023.

• Lockbit has given 14 days to Hafele to make ransom payments. It has threatened to dump the encrypted and compromised data on 15th March 2023.

• Meanwhile, business operations at Hafele continue to remain affected. Hafele has resurrected the corporate website. However, the website works with impaired functionality as we write this.

• Online customer support is unavailable to existing and new customers.

• Customer account login is unavailable and customers cannot access the ‘My account’ section of Hafele’s website.

• The full impact of the ransomware attack is unclear at this point. However, it does appear that the customer data may have been accessed by the ransomware operator because the account management facility and functionality is compromised on Hafele’s website.

• It needs to be confirmed if Hafele has been able to organize and complete a full-fledged audit of the ransomware attack and the subsequent impact on business operations.

• On a similar note, it remains to be seen if the payment data or the credit card data of customers has been compromised by Lockbit.

Hafele needs to confirm the exact impact over the next few weeks. For now, we know that the company is making efforts to restore business operations in a phased approach.

We believe that it may take a few more weeks for Hafele to resume operations on a normal scale. However, the interesting question mark revolves around the type, scope, and extent of data compromised by Lockbit.

There are also question marks about the exposure of Hafele’s US infrastructure and network in this ransomware attack.

Hafele’s statement about the ransomware attack

Hafele has posted a brief statement on its website. The last update of the cyber incident was released on 15th February. Lockbit’s confirmation came on 28th February 2023. Presumably, the company and the ransomware operator may have been engaged in negotiation. Upon the failure of negotiations, Lockbit has released a timeline to dump company data online.

The contents of the company statement are shared below:

About Hafele

Hafele is one of the biggest companies that manufacture furniture fittings and architectural hardware. It was established in 1923 and has grown consistently over the past 90 years. Häfele employs more than 6,000 employees and has 37 subsidiaries, as well as many additional dealerships throughout the world.

The current ransomware attack seems to have been largely limited to Hafele’s US website – https://www.hafele.com/us/en/

About Lockbit 3.0

Lockbit 3.0 is a ransomware operator. It operates from Russia and is known to have deep tech capabilities in exploiting existing vulnerabilities to access corporate networks and websites.

Lockbit 3.0 is known to cause severe disruption to the business operations of corporations all over the world. It orchestrates ransomware attacks on digital infrastructure. In most cases, the ransomware operator seeks a ransom to decrypt the data.

Some of the recent famous attacks include the ransomware attack by Lockbit on Britain’s Royal Mail services.

Other security incidents or cyber attacks that we have tracked:

• Axis Bank targeted in a ransomware attack