Global Paint Giant AkzoNobel Confirms Cyberattack on U.S. Facility Amid Anubis Ransomware Claims

In a shocking revelation that has sent ripples through the global manufacturing sector, Dutch multinational paint and coatings powerhouse AkzoNobel has confirmed that one of its U.S. facilities fell victim to a cyberattack. The incident, which was swiftly contained, has raised alarms about the growing sophistication of ransomware gangs and the vulnerability of even the largest industrial players to cyber threats.

The breach came to light after the Anubis ransomware group, a relatively new but rapidly evolving threat actor in the cybercrime underworld, claimed responsibility for infiltrating AkzoNobel’s systems. According to the group, they managed to exfiltrate a staggering 170GB of sensitive data, comprising nearly 170,000 files. To prove their claims, Anubis leaked partial samples of the stolen data on their dark web leak site, including screenshots of confidential documents, internal technical specifications, and even personal information such as passport scans and email correspondence.

AkzoNobel, a titan in the paints and coatings industry with an annual revenue exceeding $12 billion and operations spanning over 150 countries, acted swiftly to contain the breach. A company spokesperson told BleepingComputer that the incident was limited to a single U.S. site and had been successfully contained. “The impact is limited, and we are taking the appropriate steps to notify and support impacted parties, and will work closely with relevant authorities,” the spokesperson said.

Despite the company’s assurances, the leaked data paints a concerning picture. Among the stolen files were confidential agreements with high-profile clients, private email correspondence, and internal technical documents. The breach has not only exposed sensitive business information but also raised questions about the security measures in place at one of the world’s largest paint manufacturers.

The Anubis Ransomware: A Rising Threat

Anubis, the group behind the attack, is a relatively new player in the ransomware-as-a-service (RaaS) ecosystem. Launched in December 2024, the group has quickly gained notoriety for its aggressive tactics and lucrative affiliate program. Offering affiliates an impressive 80% cut of ransom payments, Anubis has attracted a network of cybercriminals eager to capitalize on its success.

In February 2025, Anubis further bolstered its operations by launching an affiliate program on the RAMP forum, a popular hub for cybercriminals. This move significantly increased the group’s activity and influence in the cybercrime space. By June of the same year, Anubis had added a devastating new tool to its arsenal: a data wiper capable of destroying files beyond recovery. This escalation in tactics underscores the group’s determination to maximize its impact and pressure victims into paying ransoms.

The Broader Implications

The AkzoNobel breach is a stark reminder of the growing threat posed by ransomware groups to critical infrastructure and global industries. As companies increasingly digitize their operations, they become prime targets for cybercriminals seeking to exploit vulnerabilities for financial gain. The incident also highlights the need for robust cybersecurity measures, including regular vulnerability assessments, employee training, and incident response plans.

For AkzoNobel, the breach is a reputational and operational challenge. While the company has downplayed the impact, the exposure of sensitive client agreements and personal data could have long-term consequences. It also raises questions about the adequacy of cybersecurity protocols at even the most established multinational corporations.

What’s Next?

As the investigation into the breach continues, AkzoNobel has not disclosed whether it engaged with the Anubis ransomware group or paid any ransom demands. The company’s focus remains on containing the incident, supporting affected parties, and working with law enforcement to bring the perpetrators to justice.

For the cybersecurity community, the AkzoNobel breach serves as a wake-up call. It underscores the need for vigilance, collaboration, and innovation in the fight against cybercrime. As ransomware groups like Anubis continue to evolve, the stakes have never been higher for businesses and individuals alike.

Tags: AkzoNobel cyberattack, Anubis ransomware, data breach, cybersecurity, industrial espionage, ransomware-as-a-service, RaaS, cybercrime, data wiper, global manufacturing, paint industry, BleepingComputer, cyber threat, data leak, confidential data, high-profile clients, passport scans, internal documents, email correspondence, technical specifications, Dutch multinational, U.S. facility breach, limited impact, containment, law enforcement, cyber resilience, digital transformation, vulnerability assessment, employee training, incident response, reputational damage, operational challenge, cybersecurity protocols, ransomware evolution, affiliate program, RAMP forum, cybercrime space, financial gain, critical infrastructure, global industries, cyber vigilance, collaboration, innovation, law enforcement, justice, cybersecurity community, wake-up call, stakes, businesses, individuals, cyber vigilance, collaboration, innovation, law enforcement, justice, cybersecurity community, wake-up call, stakes, businesses, individuals.

,