The PeroxyChem cyber attack affected the company's core corporate infrastructure and impacted business operations. The data breach resulted in financial data being stolen by hackers.
On April 24, 2020, PeroxyChem experienced a ransomware cyber attack. It partly affected its core corporate infrastructure and a small number of user endpoints, according to the company's press release. The attack was focused on PeroxyChem's corporate systems and was designed to impact its business operations.
After the cyber attack, hackers stole a significant amount of PeroxyChem's accounts payable and removed a limited amount of employee data. According to the company, this attack has not impacted any customer IT environments.
“PeroxyChem’s plants continue to operate normally and we have deployed back-up processes to ensure we continue to fulfill our customers’ orders”
PeroxyChem informed its clients and vendors. The company provided security recommendations, assuming that its business contacts might fall victim to false invoicing or other fraudulent behaviour. It also shut down several services, such as VPN, Internet access and SAP.
PeroxyChem engaged CrowdStrike to conduct an investigation, and contacted law enforcement agencies in different countries.
PeroxyChem data leaked
The group behind the attack on PeroxyChem is Maze. After the attack, Maze posted a notice on their website and attached an archive with financial data as proof of a successful data breach.
According to Cyble, the data leak from PeroxyChem is around 2.5 GB and includes sensitive and financial documents of the company. The data includes the company's sales forecast documents, customer records, and many more.
PeroxyChem is a chemicals production company with headquarters in Philadelphia. The company produces hydrogen peroxide (H2O2) and peracetic acid (PAA). It owns facilities in North America, Europe and Asia and employs approximately 550 people globally. Evonik Industries acquired PeroxyChem in 2018 for $625 million.
PeroxyChem noted that they did not have enough time to integrate their IT systems with those of Evonik. Therefore, this attack did not have any impact on Evonik's IT systems.