RR Donnelley has confirmed that threat actors stole data in a December cyberattack, which BleepingComputer has confirmed was a Conti ransomware attack.
RR Donnelley (RRD) is a leading integrated services company providing communications, commercial printing and marketing services to corporate clients. The company employs 33,000 people at more than 200 locations and earned $4.93 billion in 2021.
RRD Suffers Conti Ransomware Attack
On December 27, RRD filed a Form 8-K with the SEC revealing that it had suffered a “systems intrusion into its technical environment,” which led to its network being shut down to prevent the attack from spreading.
The shutdown of IT systems caused disruptions for customers, leaving them unable to receive printed documents required for vendor payments, disbursement checks and motor vehicle documentation.
While RRD initially said it was unaware of any customer data stolen in the attack, on January 15 the Conti ransomware gang claimed responsibility and began leaking 2.5 GB of data allegedly stolen from RRD.
However, a source told BleepingComputer that Conti quickly removed the data from public view after RRD entered into new negotiations to prevent the data from being released.
Yesterday, RRD filed an additional Form 8-K confirming that data was stolen in the attack. The company also said it takes all appropriate steps to protect its information and that of its customers.
“At this time, however, the company has become aware that some of its corporate data has been accessed and exfiltrated, the nature of which is being actively investigated. Based on information known to date, the company believes that the access and exfiltration were in connection with the previously disclosed systems intrusion and not a new incident,” reads the new SEC filing.
“The Company keeps its customers informed of all relevant updates on an ongoing basis and plans to take all appropriate measures to protect the integrity of the Company’s data and customer information.”
The ransomware attack came just after RRD announced a definitive merger agreement to be acquired by Chatham Asset Management.
In November, the FBI issued a private industry notification warning that ransomware gangs typically time their attacks to coincide with significant financial events, such as mergers and acquisitions, using them as leverage to pressure victims into paying ransoms.
BleepingComputer contacted RRD with further questions related to the attack but did not receive a response.