Cyberattacks continue to hit major global companies, and the latest victim is Dutch paint and coatings giant AkzoNobel. The company recently confirmed that hackers breached one of its U.S. locations, highlighting once again how even large multinational corporations remain vulnerable to ransomware groups.
In this blog, we’ll break down what happened, who may be responsible, what data might have been exposed, and why this incident matters for businesses worldwide.
A Global Paint Giant Hit by Hackers
AkzoNobel is one of the largest paints and coatings companies in the world. The company employs roughly 35,000 people, operates in more than 150 countries, and generates over $12 billion in annual revenue. Its portfolio includes well-known brands such as Dulux, Sikkens, International, and Interpon.
Given its global footprint and industrial importance, the company represents a valuable target for cybercriminal groups seeking financial gain or sensitive corporate data.
The incident first came to light after a ransomware group claimed responsibility for breaching one of AkzoNobel’s U.S. facilities.
What the Company Said About the Breach
AkzoNobel confirmed that hackers infiltrated the network of one of its U.S. sites, but the company stated that the attack was contained and did not spread to other systems.
According to the company:
- The incident was limited to a specific U.S. location
- The breach has already been contained
- The overall impact on operations appears to be limited
While this statement aims to reassure stakeholders, cybersecurity experts often caution that early assessments can change as investigations continue.
The Role of the Anubis Ransomware Group
The cyberattack has been linked to the Anubis ransomware gang, a relatively new but increasingly active cybercrime operation.
The group claims it stole:
- 170 GB of data
- Nearly 170,000 files
The hackers also published samples of the stolen data on their leak site to pressure the company into paying a ransom.
The exposed files allegedly include:
- Confidential agreements with clients
- Internal emails and business correspondence
- Phone numbers and email addresses
- Passport scans and personal information
- Technical documents and product specifications
This type of tactic is known as double extortion, where attackers both encrypt data and threaten to leak it publicly.
Who Is the Anubis Ransomware Operation?
Anubis is part of the growing Ransomware-as-a-Service (RaaS) ecosystem. In this model, developers create the ransomware platform while affiliates carry out attacks and share profits.
Key facts about the group:
- Launched around December 2024
- Runs an affiliate program where partners perform attacks
- Affiliates can reportedly keep up to 80% of ransom payments
This business model has significantly expanded ransomware operations because it lowers the barrier for cybercriminals to conduct attacks.
Potential Risks From the Data Leak
If the attackers’ claims are accurate, the stolen data could pose serious risks to employees, partners, and customers.
Possible consequences include:
Identity Theft
Passport scans and personal information could be used for fraud or identity theft.
Phishing and Social Engineering
Attackers can use leaked email addresses and internal communications to launch targeted phishing campaigns.
Corporate Espionage
Technical documents and product specifications could be valuable to competitors or nation-state actors.
Reputational Damage
Data breaches often erode customer trust and may lead to regulatory scrutiny.
Why Manufacturing Companies Are Increasingly Targeted
The manufacturing and industrial sector has become a frequent target for ransomware groups for several reasons:
- Operational urgency – downtime in manufacturing can cost millions.
- Legacy systems – older industrial infrastructure may lack modern security.
- High-value intellectual property – product designs and industrial processes are valuable targets.
For cybercriminals, companies like AkzoNobel represent high-value opportunities for ransom payments.
Lessons From the AkzoNobel Cyberattack
This incident underscores several key lessons for organizations worldwide.
1. Cybersecurity is a business risk, not just an IT issue
Major corporations with large security budgets can still be compromised.
2. Ransomware groups are evolving rapidly
New groups like Anubis are emerging and building sophisticated operations.
3. Data theft is now the primary leverage
Attackers increasingly rely on leaking stolen data to force payments.
4. Incident response readiness is essential
Quick containment can limit the damage from cyber intrusions.
Final Thoughts
The AkzoNobel cyberattack is another reminder that no organization is immune to cyber threats. Even global industrial leaders with strong reputations can become targets for ransomware gangs seeking valuable data and large payouts.
As ransomware groups continue to evolve their tactics, companies must invest not only in cybersecurity tools but also in employee awareness, threat monitoring, and rapid incident response.
For businesses worldwide, the message is clear: cybersecurity is no longer optional—it’s a critical part of protecting operations, data, and trust in the digital age.
