RRD Suffers Data Theft in a Conti Ransomware Attack
The Marketing Giant Confirmed the Fact that the Threat Actors Stole Important Data in a Cyberattack.
R.R. Donnelley is a Fortune 500 integrated communications corporation based in the United States that offers marketing and business communications, commercial printing, and other associated services. The company’s corporate offices are in Chicago, Illinois, in the United States. R.R. Donnelley was the world’s largest commercial printer in 2007.
RRD submitted a Form 8-K with the SEC on December 27th, stating that they had experienced a “systems intrusion in its technological environment,” which resulted in the shutdown of their network to prevent the assault from spreading.
An SEC filing is a financial statement or other official document presented to the Securities and Exchange Commission of the United States.
Customers experienced difficulties as a result of the shutdown of IT services, with some unable to get printed papers necessary for vendor payments, disbursement checks, and motor vehicle documentation.
While RRD initially said that they were unaware of any customer data obtained during the assault, the Conti ransomware group took credit and began releasing 2.5GB of data purportedly acquired from RRD on January 15th.
RRD recently filed a supplemental 8-K confirming that data was taken during the hack. The organization also declared that it is taking all necessary precautions to secure its and its clients’ information.
On December 27, 2021, R. R. Donnelley & Sons Company (the “Company”), announced it had recently identified a systems intrusion in its technical environment. The Company promptly implemented a series of containment measures to address this situation, including activating its incident response protocols, shutting down its servers and systems and commencing a forensic investigation. The Company has engaged a cybersecurity expert to examine the incident and to oversee the implementation of appropriate remedial actions. The Company has notified and is working with appropriate law enforcement authorities. As a precautionary measure, the Company has isolated a portion of its technical environment in an effort to contain the intrusion.
The Company is actively engaged in restoring the affected systems and returning to normal levels of operations. At this time, the Company is not aware of any compromise of client data. The Company is in the early stages of its investigation and assessment of the security event and cannot determine at this time the extent of the material adverse impact, if any, from such event on its business, results of operations or financial condition.
The ransomware attack happened soon after announcing their definitive merger agreement to be acquired by Chatham Asset Management.
How Can Heimdal™ Help?
Ransomware is one of today’s most widespread and severe cyber threats, with usually dangerous repercussions. Learning how to avoid it should be a top priority for any business concerned about the safety of its employees, clients, partners, assets, money, and business processes.
In the fight against ransomware, Heimdal Security provides its customers with an exceptional integrated cybersecurity suite that includes the Ransomware Encryption Protection module, which is universally compatible with any antivirus solution and is completely signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).