Anubis ransomware claims to have stolen 170GB of sensitive corporate data, raising concerns for global manufacturing cybersecurity.

Cyberattack Detected at U.S. Facility
Global paints and coatings manufacturer AkzoNobel has confirmed a cybersecurity incident at one of its operational sites in the United States.
The company stated that attackers breached the network of the facility. However, internal security teams quickly detected the intrusion and contained the incident.
According to AkzoNobel, the breach remained limited to a single site. The company immediately activated its response procedures to prevent further spread.
The organization also stated that the operational impact appears minimal. Meanwhile, the company is working with relevant authorities and supporting affected stakeholders.
Anubis Ransomware Claims Data Theft
The Anubis ransomware group has claimed responsibility for the attack. The group alleges that it stole nearly 170GB of corporate data, which includes about 170,000 files.
To support its claim, the attackers published samples on their leak site. These samples include screenshots of internal documents and a list of stolen files.
The leaked data reportedly includes:
- Confidential agreements with major clients
- Internal technical specification documents
- Private email communications
- Passport scans and personal contact information
- Material testing and internal research documents
So far, only part of the data appears to have been leaked. However, the exposure could still create privacy and security risks.
AkzoNobel’s Global Business Impact
AkzoNobel is one of the largest paints and coatings companies in the world. The company employs more than 35,000 people and generates over $12 billion in annual revenue.
Its product portfolio includes globally recognized brands such as Dulux, Sikkens, International, and Interpon.
Because the company operates in more than 150 countries, even a localized cyber incident raises broader concerns. Partners, suppliers, and clients could face indirect risks if sensitive data becomes exposed.
Rise of the Anubis Ransomware Operation
The attackers behind the incident operate under the Anubis ransomware-as-a-service (RaaS) model.
This model allows cybercriminal affiliates to use the ransomware infrastructure in exchange for a share of the ransom payments. Affiliates reportedly receive up to 80% of the ransom.
The group first appeared in December 2024. Since then, it has rapidly expanded its presence in the cybercrime ecosystem.
In February 2025, the operators launched an affiliate recruitment program on underground forums. This move significantly increased the group’s activity.
Later, in June 2025, Anubis introduced a new capability: a data-wiping tool that permanently destroys victim files. This feature increases pressure on victims to pay.
Why Manufacturing Companies Are Prime Targets
Manufacturing and industrial companies have become major ransomware targets.
Attackers understand that production disruptions can cost organizations millions of dollars. Therefore, criminals often expect companies to pay quickly to restore operations.
Many industrial environments also still rely on legacy systems and complex supply chains. These factors create additional security challenges.
As a result, organizations must strengthen:
- Network segmentation
- Data protection strategies
- Ransomware detection systems
- Incident response readiness
Strong cyber resilience helps companies limit damage even when an attack occurs.