Furniture fittings manufacturer Hafele has experienced a ransomware attack. Lockbit orchestrated the ransomware attack on Hafele’s Internet facing infrastructure. Lockbit and Hafele have confirmed the attack. We look at the details of this ransomware attack below.
Key points about the ransomware attack on Hafele
- Hafele suffered a ransomware attack on 2nd February 2023. The attack caused a severe impact on Hafele’s website and customer service delivery.
- The attack was carried out by the ransomware operator Lockbit. It confirmed the attack yesterday i.e. on 28th February 2023.
- Lockbit has given 14 days to Hafele to make ransom payments. It has threatened to dump the encrypted and compromised data on 15th March 2023.
- Meanwhile, business operations at Hafele continue to remain affected. Hafele has resurrected the corporate website. However, the website works with impaired functionality as we write this.
- Online customer support is unavailable to existing and new customers.
- Customer account login is unavailable and customers cannot access the ‘My account’ section of Hafele’s website.
- The full impact of the ransomware attack is unclear at this point. However, it does appear that the customer data may have been accessed by the ransomware operator because the account management facility and functionality is compromised on Hafele’s website.
- It needs to be confirmed if Hafele has been able to organize and complete a full-fledged audit of the ransomware attack and the subsequent impact on business operations.
- On a similar note, it remains to be seen if the payment data or the credit card data of customers has been compromised by Lockbit.
Hafele needs to confirm the exact impact over the next few weeks. For now, we know that the company is making efforts to restore business operations in a phased approach.
We believe that it may take a few more weeks for Hafele to resume operations on a normal scale. However, the interesting question mark revolves around the type, scope, and extent of data compromised by Lockbit.
There are also question marks about the exposure of Hafele’s US infrastructure and network in this ransomware attack.
Hafele’s statement about the ransomware attack
Hafele has posted a brief statement on its website. The last update of the cyber incident was released on 15th February. Lockbit’s confirmation came on 28th February 2023. Presumably, the company and the ransomware operator may have been engaged in negotiation. Upon the failure of negotiations, Lockbit has released a timeline to dump company data online.
The contents of the company statement are shared below:
The hafele.com website is currently being reactivated.
On the night of February 2, 2023, there was a ransomware attack on the IT systems of the Häfele Worldwide Group from an external source. The preventative shutdown of our systems is now being followed by a gradual and controlled reactivation.
>>>Further information (Stand 15.02.2023)
Currently, you can access all item information again through our website. Additional website functionality will be reactivated gradually as the Häfele systems are restored to normal operations.
Please note that hafele.com cannot currently support the following functions
- Logging in to your Häfele account to place orders
- Logging in to access the My Account area (e.g. order tracking, quotations, etc.)
- Contacting our Customer Service or Technical teams to determine order status, ask advice, etc. (Note: If you have a Häfele Sales representative, they can be reached on their mobile phone to further assist you.)
Hafele is one of the biggest companies that manufacture furniture fittings and architectural hardware. It was established in 1923 and has grown consistently over the past 90 years. Häfele employs more than 6,000 employees and has 37 subsidiaries, as well as many additional dealerships throughout the world.
The current ransomware attack seems to have been largely limited to Hafele’s US website – https://www.hafele.com/us/en/
About Lockbit 3.0
Lockbit 3.0 is a ransomware operator. It operates from Russia and is known to have deep tech capabilities in exploiting existing vulnerabilities to access corporate networks and websites.
Lockbit 3.0 is known to cause severe disruption to the business operations of corporations all over the world. It orchestrates ransomware attacks on digital infrastructure. In most cases, the ransomware operator seeks a ransom to decrypt the data.
Some of the recent famous attacks include the ransomware attack by Lockbit on Britain’s Royal Mail services.
Other security incidents or cyber attacks that we have tracked:
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.