Distributor of office supplies Essendant has disclosed today that it suffered a ransomware incident on March 6, 2023, which forced the firm to take all its systems offline.
Essendant, formerly known as United Stationers, is an Illinois-based office supplies distributor with consolidated annual net sales that surpass $5.3 billion.
After engaging with cybersecurity specialists and third-party forensics experts to conduct an internal investigation, the company determined that the outage was the result of a ransomware incident.
“The incident was limited to Essendant’s network, and disrupted certain systems and operations for customers, suppliers, carriers, and our associates.”Essendant
The company’s statement also acknowledges that a threat actor has publicly claimed responsibility for the cyberattack, but the validity of these claims has not been officially confirmed yet.
RestorePrivacy has found that the threat group that took responsibility for the attack on Essendant is LockBit, a notorious ransomware gang that has been among the leading threats in the field since last year.
LockBit published all files stolen from Essendant on its extortion site on the dark web on March 18, 2023, which typically means that they didn’t manage to convince the firm to pay them a ransom.
The files published on the site include financial reports, documents containing personally identifiable information of employees, contracts with resellers, and many more.
Essendant has not confirmed that the leaked data contains any information on its customers, so this crucial aspect remains an open question at this time.
System Restoration Underway
Essendant has also been publishing updates about the status of its systems on a separate space to inform its suppliers, customers, and carriers about the system restoration process following the ransomware attack.
As of Monday, March 20, 2023, the company says that “pick, pack, and ship” systems are fully operational, supporting customer transactions, order placement, and making reaching customer care available again.
However, the firm is still warning about the following remaining issues:
- Customer care is only reachable via email, as phones are still not available.
- Customer care responses will take longer than normal to reach clients due to the high email volumes.
- Any orders placed prior to 3/17 9:00 am CT will not receive a confirmation response as they are no longer on its email system.
- Orders and service requests will be processed in order of priority.
- Large work requests sent in spreadsheets won’t be accepted at this time.
- Credit card orders, execution of 2P/3P contracts, special order placement, Green Rabbit orders, and special handling activities from warehouse are not supported yet.
All this makes it evident that Essendant is still far from being fully operational 18 days after the ransomware attack occurred, perfectly illustrating how damaging these attacks can be for large businesses.