Essendant confirms ransomware attack


Essendant, a wholesale distributor of office supplies, said a ransomware attack was behind its March 6 network outage.

Ransomware had been suspected to be the cause of the incident, as Essendant’s name appeared on LockBit’s dark web blog earlier this month. The multinational has now confirmed this was the case.

“The incident was limited to Essendant’s network and disrupted certain systems and operations for customers, suppliers, carriers, and our associates. Our investigation has determined that the outage was the result of a ransomware incident,” the company said.

Essendant even acknowledged that threat actors behind the attack “publicly claimed responsibility for this incident,” leaving no doubt LockBit ransomware syndicate was behind it.

Essendant Lockbit
Essendant posted on Lockbit's leak site. Image by Cybernews.

The statement published on March 16 says the company managed to complete a clean-up effort on orders that had been in process for distribution at the time of the attack. The company’s information points to a severe service disruption lasting over a week.

“Today, March 16, 2023, we are beginning the first steps in the next phase of our work to establish connections with Essendant’s systems and electronic feeds. This is inclusive of end-to-end testing that must be successful before we can launch limited pick, pack, and ship capabilities,” Essendant said.

Essendant, formerly called United Stationers, was incorporated under that name in 1922, having been founded in 1906 as Utility Supply Company. Today it boasts over 30 distribution facilities in the US, averaging 278,000 packages filled daily. According to Fortune, the company generated over $5 billion in revenue and employed over 6,000 people in 2016.

LockBit is the most prominent ransomware gang of the past year. According to the dark-web monitoring platform, DarkFeed, LockBit is the most active ransomware gang, with a total of over 1,500 victims and counting.

Data collected by cybersecurity company Malwarebytes shows Lockbit victimized over 50 organizations in February alone. The gang recently boasted of breaching a SpaceX contractor.