Ransomware Attacks Cornerstone Building Brands ($CNR)

Cornerstone Building Brands, a provider of commercial and residential building supplies, suffered a ransomware attack sometime in August 2020, according to an SEC filing.

The type of ransomware that hit Cornerstone was not disclosed. Within the filing, Cornerstone stated:

“…we detected a ransomware attack impacting certain of our operational and information technology systems. We are in the early stages of investigating the incident, together with law enforcement authorities, legal counsel and other incident response professionals. While we have recovered many of our critical operational data and business systems, the attack could lead to the public disclosure of customer data, our trade secrets or other intellectual property, or personal information of our employees. The release of any of this information could have a material adverse effect on our business, reputation, financial condition and results of operations.”

Cornerstone did not disclose which incident response professionals are assisting the investigation and data recovery effort. The company also did not disclose if Cornerstone works with MSSPs (managed security services providers) to mitigate cybersecurity risks.

Cornerstone Ransomware Attack: About the Malware Target

Cornerstone is a major supplier of commercial and residential exterior building products — including windows, doors, roofing, gutters and more. Net sales were $1.08 billion in Q2 2020, according to an August 11 earnings announcement.

How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.

Return Home



    Willis Hinegar:

    As a former employee I feel my personal information has been breached. Employees received letters stating that there system was hacked several months ago and certain or all employees personal info my have been taken. Cornerstone stated that they were monitoring the situation closely and then this happens. I myself am concerned. Maybe I should take legal action against them.

    Melvin tyree:

    Will employees receive any compensation for lost time, no fault of there own.

    Bill Baggins:

    This is thier 3rd cyber incident in the past 1.5 years. 2 email hacks and now the ransomware. Perhaps a class action seems appropriate.

Leave a Reply

Your email address will not be published.