
Smurfit Westrock is the global leader of paper-based packaging solutions. With more than 100,000 employees, 500 converting operations, and 63 mills across 40 countries, we provide our customers with an expansive range of distinctive, innovative products. Learn more about how we’re creating the future of packaging together. www.smurfitwestrock.com

WestRock Company A.I CyberSecurity Scoring

WestRock Company

Company Details

LinkedIn ID: westrockcompany
Employees number: 13,632
Number of followers: 303,401
NAICS: 326112
Industry Type: Packaging and Containers Manufacturing
Homepage: smurfitwestrock.com
IP Addresses: 0
Company ID: WES_2292669
Scan Status: In-progress

WestRock Company Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

WestRock Company Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

WestRock Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 2
Combi Security
Breach
Severity: 100
Impact: 5
Seen: 1/2013
Rankiteo Explanation
Attack threatening the organization’s existence

Description: Combi Security, an Israeli-Russian front company, was central to operations organised by the cybercriminal group known as Fin7. Using the Carbanak malware, Fin7 successfully orchestrated a series of sophisticated attacks targeting over thirty countries' banking institutions, accumulating thefts surpassing €1 billion over a span of three years. The malware facilitated unauthorized remote access to financial systems, enabling manipulation of ATM machines for cash withdrawal ('jackpotting') and compromising point-of-sale data. These orchestrated thefts culminated in massive financial losses for the affected institutions and compromised the details of 15 million payment cards, particularly impacting over 120 U.S. companies, including notable names like Chipotle and Arby’s. Despite the arrests of several key figures, including the supposed ringleader in Spain and three Ukrainian nationals by the U.S. Department of Justice, the full extent of the damage and the potential continuation of their criminal activities under different techniques remain concerns for global financial security.

WestRock Company
Ransomware
Severity: 80
Impact: 2
Seen: 1/2021
Rankiteo Explanation
Attack limited on finance or reputation

Description: WestRock Company was attacked by ransomware in January 2021, which disrupted many of its systems. The company immediately initiated efforts to contain the attack and restore the systems, but the attack impacted the Company’s business and adversely affected WestRock’s financial results.

WestRock Company
Ransomware
Severity: 100
Impact: 5
Seen: 11/2019
Rankiteo Explanation
Attack threatening the organization’s existence

Description: WestRock, a leading provider of differentiated paper and packaging solutions, fell victim to a ransomware attack on **January 23, 2021**, severely disrupting its **IT and operational technology systems**. The incident caused a **$189 million decline in net sales** and an **$80 million reduction in segment income** during Q2 2021 due to lost sales and operational disruptions. Additionally, the company incurred **$20 million in recovery costs**, primarily for professional fees tied to incident response, forensic investigations, and system restoration. While WestRock anticipated recovering losses through **cyber and business interruption insurance**, the attack forced prolonged downtime, supply chain delays, and reputational damage. The financial strain extended beyond immediate ransom payments (if any), highlighting how ransomware can cripple core business functions, erode customer trust, and trigger long-term operational setbacks. The attack underscored the cascading financial and operational risks of ransomware, particularly for manufacturing and logistics-dependent enterprises.


Underwriter Stats for WestRock Company

Incidents vs Packaging and Containers Manufacturing Industry Average (This Year)

No incidents recorded for WestRock Company in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for WestRock Company in 2025.

Incident Types WestRock Company vs Packaging and Containers Manufacturing Industry Avg (This Year)

No incidents recorded for WestRock Company in 2025.

Incident History — WestRock Company (X = Date, Y = Severity)

WestRock Company cyber incidents detection timeline including parent company and subsidiaries

WestRock Company Subsidiaries


Smurfit Westrock is the global leader of paper-based packaging solutions. With more than 100,000 employees, 500 converting operations, and 63 mills across 40 countries, we provide our customers with an expansive range of distinctive, innovative products. Learn more about how we’re creating the future of packaging together. www.smurfitwestrock.com


WestRock Company Similar Companies

Avery Dennison

We are a global materials science and digital identification solutions company with locations in over 50 countries, and approximately 35,000 employees worldwide. We are Making Possible™ products and solutions that provide branding and information solutions that optimize labor and supply chain effic

Sealed Air Corporation

Sealed Air is in business to protect, to solve critical packaging challenges, and to make our world better than we find it. Our automated packaging solutions promote a safer, more resilient, and less wasteful global food, fluids and liquids supply chain, enable e-commerce, and protect goods in trans

Amcor

As a global leader in packaging solutions for consumer and healthcare products, our industry-leading innovation capabilities, global scale and technical expertise help our customers grow and meet the needs of millions of consumers every day. We accelerate the possible by redefining what can be done,

Graphic Packaging International

Graphic Packaging Holding Company (NYSE: GPK), headquartered in Atlanta, Georgia, designs and produces consumer packaging, made primarily from renewable or recycled materials. An industry leader in innovation, the Company is committed to reducing the environmental footprint of consumer packaging. Gr


WestRock Company CyberSecurity News

November 28, 2025 08:00 AM
Why Is Smurfit Westrock (SW) Down 0.7% Since Last Earnings Report?

Smurfit Westrock (SW) reported earnings 30 days ago. What's next for the stock? We take a look at earnings estimates for some clues.

November 10, 2025 08:00 AM
40 CIOs On the Move

This month, we're spotlighting 40 forward-thinking CIOs, CTOs, and CISOs taking new positions in enterprise technology and security...

November 10, 2025 08:00 AM
Smurfit Westrock to close Atlanta plant, affecting 55 workers

The closure is slated for completion early in 2026 as part of the company's ongoing optimization efforts.

November 09, 2025 08:00 AM
Westrock Coffee Company (NASDAQ:WEST) Just Reported Earnings, And Analysts Cut Their Target Price

There's been a notable change in appetite for Westrock Coffee Company ( NASDAQ:WEST ) shares in the week since its...

November 09, 2025 08:00 AM
Don't Race Out To Buy Smurfit Westrock Plc (NYSE:SW) Just Because It's Going Ex-Dividend

Smurfit Westrock Plc ( NYSE:SW ) stock is about to trade ex-dividend in 4 days. The ex-dividend date is one business...

October 30, 2025 07:00 AM
Smurfit Westrock in profit but trims outlook over planned downtime

The paper based packaging group reported a net income of $245m for the quarter ended 30 September 2025.

October 29, 2025 07:00 AM
Smurfit Westrock to close California corrugated facility, affecting 141 workers

CEO Tony Smurfit referenced the closure during a Wednesday earnings call, noting the company will continue “closing down inefficient or...

October 23, 2025 07:00 AM
Smurfit Westrock to Report Q3 Earnings: Here's What to Expect

SW is set to post Q3 results on Oct. 29, with revenues and EPS expected to rise despite merger costs and volume headwinds.

October 22, 2025 07:00 AM
Smurfit Westrock (SW) Reports Next Week: Wall Street Expects Earnings Growth

Smurfit Westrock (SW) possesses the right combination of the two key ingredients for a likely earnings beat in its upcoming report.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

WestRock Company CyberSecurity History Information

Official Website of WestRock Company

The official website of WestRock Company is http://www.smurfitwestrock.com.

WestRock Company’s AI-Generated Cybersecurity Score

According to Rankiteo, WestRock Company’s AI-generated cybersecurity score is 725, reflecting their Moderate security posture.

How many security badges does WestRock Company have?

According to Rankiteo, WestRock Company currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does WestRock Company have SOC 2 Type 1 certification ?

According to Rankiteo, WestRock Company is not certified under SOC 2 Type 1.

Does WestRock Company have SOC 2 Type 2 certification ?

According to Rankiteo, WestRock Company does not hold a SOC 2 Type 2 certification.

Does WestRock Company comply with GDPR ?

According to Rankiteo, WestRock Company is not listed as GDPR compliant.

Does WestRock Company have PCI DSS certification ?

According to Rankiteo, WestRock Company does not currently maintain PCI DSS compliance.

Does WestRock Company comply with HIPAA ?

According to Rankiteo, WestRock Company is not compliant with HIPAA regulations.

Does WestRock Company have ISO 27001 certification ?

According to Rankiteo, WestRock Company is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of WestRock Company

WestRock Company operates primarily in the Packaging and Containers Manufacturing industry.

Number of Employees at WestRock Company

WestRock Company employs approximately 13,632 people worldwide.

Subsidiaries Owned by WestRock Company

WestRock Company presently has no subsidiaries across any sectors.

WestRock Company’s LinkedIn Followers

WestRock Company’s official LinkedIn profile has approximately 303,401 followers.

NAICS Classification of WestRock Company

WestRock Company is classified under the NAICS code 326112, which corresponds to Plastics Packaging Film and Sheet (including Laminated) Manufacturing.

WestRock Company’s Presence on Crunchbase

No, WestRock Company does not have a profile on Crunchbase.

WestRock Company’s Presence on LinkedIn

Yes, WestRock Company maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/westrockcompany.

Cybersecurity Incidents Involving WestRock Company

As of December 17, 2025, Rankiteo reports that WestRock Company has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

WestRock Company has an estimated 2,204 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at WestRock Company ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.

What was the total financial impact of these incidents on WestRock Company ?

Total Financial Loss: The total financial loss from these incidents is estimated to be $1 billion.

How does WestRock Company detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through:
  • Containment measures: efforts to contain the attack
  • Recovery measures: efforts to restore the systems
  • Law enforcement notified: U.S. Department of Justice
  • Details: Sinclair Broadcast Group (restored network from backups; no ransom paid); Blackbaud, Inc. (prevented full encryption; expelled threat actor; paid ransom); WestRock Company (incurred recovery costs; expects insurance reimbursement); Radiant Logistics (took systems offline; engaged forensic experts and legal counsel); Faneuil (engaged legal counsel and cybersecurity firms; implemented containment/remediation)
  • Assistance: Radiant Logistics (forensic experts, IT professionals); Faneuil (legal counsel, leading cybersecurity firms)
  • Details: Colonial Pipeline (DOJ seized $2.3 million of ransom payment)
  • Measures: Faneuil (systems containment; remediation); Radiant Logistics (systems taken offline)
  • Measures: Sinclair Broadcast Group (network restoration from backups); Blackbaud, Inc. (expelled threat actor; risk mitigation); Mineral Technologies (system restoration ($4 million)); Benchmark Electronics (incident response and recovery)
  • Strategy: Radiant Logistics (proactively engaging affected customers/employees)

Incident Details

Can you provide details on each incident ?

Incident : Ransomware Attack

Title: WestRock Company Ransomware Attack

Description: WestRock Company was attacked by ransomware in January 2021, which disrupted many of its systems. The company immediately initiated efforts to contain the attack and restore the systems, but the attack impacted the Company’s business and adversely affected WestRock’s financial results.

Date Detected: January 2021

Type: Ransomware Attack

Incident : Cyber Attack

Title: Fin7 Cyber Attacks using Carbanak Malware

Description: Combi Security, an Israeli-Russian front company, was central to operations organised by the cybercriminal group known as Fin7. Using the Carbanak malware, Fin7 successfully orchestrated a series of sophisticated attacks targeting over thirty countries' banking institutions, accumulating thefts surpassing €1 billion over a span of three years. The malware facilitated unauthorized remote access to financial systems, enabling manipulation of ATM machines for cash withdrawal ('jackpotting') and compromising point-of-sale data. These orchestrated thefts culminated in massive financial losses for the affected institutions and compromised the details of 15 million payment cards, particularly impacting over 120 U.S. companies, including notable names like Chipotle and Arby’s. Despite the arrests of several key figures, including the supposed ringleader in Spain and three Ukrainian nationals by the U.S. Department of Justice, the full extent of the damage and the potential continuation of their criminal activities under different techniques remain concerns for global financial security.

Type: Cyber Attack

Attack Vector: Malware

Vulnerability Exploited: Unauthorized remote access, ATM jackpotting, Point-of-sale data compromise

Threat Actor: Fin7

Motivation: Financial Gain

Incident : Ransomware

Title: Ransomware Attacks on Major Companies (2020-2021)

Description: A series of high-profile ransomware attacks in 2020-2021 affected multiple publicly traded companies, resulting in significant financial losses, operational disruptions, and legal expenses. Notable incidents included attacks on JBS, Colonial Pipeline, ExaGrid, Sinclair Broadcast Group, Blackbaud, WestRock, Radiant Logistics, Mineral Technologies, Benchmark Electronics, and Faneuil. Ransom payments ranged from millions to tens of millions, with additional costs from lost revenue, remediation, legal fees, and insurance claims.

Type: Ransomware

Motivation: Financial Gain

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

Impact of the Incidents

What was the impact of each incident ?

Incident : Ransomware Attack WES21121222

Systems Affected: Many

Operational Impact: Significant

Incident : Cyber Attack WES424042824

Financial Loss: Over €1 billion

Data Compromised: 15 million payment cards

Systems Affected: ATM machines, Point-of-sale systems

Incident : Ransomware WES0713107102825

Financial Loss:
  • Sinclair Broadcast Group: $63 million (lost advertising revenue) + $11 million (remediation) = $74 million gross; $24 million net after insurance
  • Blackbaud, Inc.: $10.4 million (expenses) - $9.4 million (insurance) = $1 million net; $50 million anticipated legal expenses
  • WestRock Company: $189 million (lost sales) + $80 million (segment income) + $20 million (recovery costs) = $289 million gross (insurance recovery expected)
  • Radiant Logistics: $750,000 (incident costs)
  • Mineral Technologies: $4 million (system restoration and risk mitigation)
  • Benchmark Electronics: $7.681 million (incident costs) - $3.989 million (insurance) = $3.692 million net
  • Faneuil: $2.8 million (expenses and penalties) - $1.3 million (insurance received) = $1.5 million net (additional $0.6 million insurance expected)
  • JBS: $11 million (ransom paid)
  • Colonial Pipeline: $4.43 million (ransom paid; $2.3 million recovered by DOJ)
  • ExaGrid: $2.6 million (ransom paid)

Data Compromised:
  • Blackbaud, Inc.: Subset of data from self-hosted private cloud (customer/employee data)
  • Radiant Logistics: Customer and employee data extracted from servers

Systems Affected:
  • Sinclair Broadcast Group: Network (restored from backups)
  • WestRock Company: IT and operational technology systems
  • Radiant Logistics: Operational and IT systems (taken offline)
  • Blackbaud, Inc.: Self-hosted private cloud environment
  • Benchmark Electronics: Customer and employee access systems
  • Faneuil: Information technology systems

Operational Impact:
  • Sinclair Broadcast Group: Disruption to advertising revenues (Q4 2021)
  • WestRock Company: Lost sales and operational disruption (Q2 2021)
  • Radiant Logistics: Loss of revenue and incremental costs (December 2021)
  • Benchmark Electronics: Disrupted customer and employee access (November 2019)
  • Faneuil: Containment and remediation measures (August 2021)
  • Colonial Pipeline: Operational shutdown (May 2021)
  • JBS: Disruption to meat processing operations (June 2021)

Revenue Loss:
  • Sinclair Broadcast Group: $63 million (advertising revenue)
  • WestRock Company: $189 million (net sales) + $80 million (segment income)
  • Radiant Logistics: Unspecified (adverse effect on Q2 2022 results)

Customer Complaints:
  • Blackbaud, Inc.: 570 claims for reimbursement from customers/attorneys

Legal Liabilities:
  • Blackbaud, Inc.: $50 million anticipated legal expenses; lawsuits proceeding (July 2021)

What is the average financial loss per incident ?

Average Financial Loss: The average financial loss per incident is $333.33 million.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are payment card details; Blackbaud, Inc.: customer and employee data (subset); and Radiant Logistics: customer and employee data.

Which entities were affected by each incident ?

Incident : Ransomware Attack WES21121222

Entity Name: WestRock Company

Entity Type: Corporation

Industry: Manufacturing

Incident : Cyber Attack WES424042824

Entity Name: Various banking institutions

Entity Type: Financial

Industry: Banking

Location: Over thirty countries

Customers Affected: 120 U.S. companies, including Chipotle and Arby’s

Incident : Ransomware WES0713107102825

Entity Name: Sinclair Broadcast Group

Entity Type: Publicly Traded Company

Industry: Media and Broadcasting

Location: USA

Incident : Ransomware WES0713107102825

Entity Name: Blackbaud, Inc.

Entity Type: Publicly Traded Company

Industry: Cloud Technology

Location: USA

Customers Affected: Multiple (570 claims filed)

Incident : Ransomware WES0713107102825

Entity Name: WestRock Company

Entity Type: Publicly Traded Company

Industry: Paper and Packaging

Location: USA

Incident : Ransomware WES0713107102825

Entity Name: Radiant Logistics

Entity Type: Publicly Traded Company

Industry: Logistics and Transportation

Location: USA

Customers Affected: Customers and employees (data extracted)

Incident : Ransomware WES0713107102825

Entity Name: Mineral Technologies

Entity Type: Publicly Traded Company

Industry: Mineral Processing

Incident : Ransomware WES0713107102825

Entity Name: Benchmark Electronics

Entity Type: Publicly Traded Company

Industry: Electronics Engineering

Incident : Ransomware WES0713107102825

Entity Name: Faneuil (subsidiary of ALJ Regional)

Entity Type: Subsidiary

Industry: Business Process Outsourcing

Incident : Ransomware WES0713107102825

Entity Name: JBS

Entity Type: Private Company

Industry: Meat Processing

Location: Global (HQ in Brazil)

Size: World's largest meat processor

Incident : Ransomware WES0713107102825

Entity Name: Colonial Pipeline

Entity Type: Private Company

Industry: Energy (Fuel Pipeline)

Location: USA

Incident : Ransomware WES0713107102825

Entity Name: ExaGrid

Entity Type: Private Company

Industry: Data Backup Appliances

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Ransomware Attack WES21121222

Containment Measures: Efforts to contain the attack

Recovery Measures: Efforts to restore the systems

Incident : Cyber Attack WES424042824

Law Enforcement Notified: U.S. Department of Justice

Incident : Ransomware WES0713107102825

Incident Response Plan Activated:
  • Sinclair Broadcast Group: Restored network from backups; no ransom paid
  • Blackbaud, Inc.: Prevented full encryption; expelled threat actor; paid ransom
  • WestRock Company: Incurred recovery costs; expects insurance reimbursement
  • Radiant Logistics: Took systems offline; engaged forensic experts and legal counsel
  • Faneuil: Engaged legal counsel and cybersecurity firms; implemented containment/remediation

Third Party Assistance:
  • Radiant Logistics: Forensic experts, IT professionals
  • Faneuil: Legal counsel, leading cybersecurity firms

Law Enforcement Notified:
  • Colonial Pipeline: DOJ seized $2.3 million of ransom payment

Containment Measures:
  • Faneuil: Systems containment; remediation
  • Radiant Logistics: Systems taken offline

Remediation Measures:
  • Sinclair Broadcast Group: Network restoration from backups
  • Blackbaud, Inc.: Expelled threat actor; risk mitigation
  • Mineral Technologies: System restoration ($4 million)
  • Benchmark Electronics: Incident response and recovery

Communication Strategy:
  • Radiant Logistics: Proactively engaging affected customers/employees

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as:
  • Sinclair Broadcast Group: Restored network from backups; no ransom paid
  • Blackbaud, Inc.: Prevented full encryption; expelled threat actor; paid ransom
  • WestRock Company: Incurred recovery costs; expects insurance reimbursement
  • Radiant Logistics: Took systems offline; engaged forensic experts and legal counsel
  • Faneuil: Engaged legal counsel and cybersecurity firms; implemented containment/remediation

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through:
  • Radiant Logistics: Forensic experts, IT professionals
  • Faneuil: Legal counsel, leading cybersecurity firms

Data Breach Information

What type of data was compromised in each breach ?

Incident : Cyber Attack WES424042824

Type of Data Compromised: Payment card details

Number of Records Exposed: 15 million

Sensitivity of Data: High

Incident : Ransomware WES0713107102825

Type of Data Compromised:
  • Blackbaud, Inc.: Customer and employee data (subset)
  • Radiant Logistics: Customer and employee data

Data Exfiltration:
  • Blackbaud, Inc.: Subset of data copied from private cloud
  • Radiant Logistics: Data extracted from servers before systems taken offline

Data Encryption:
  • Blackbaud, Inc.: Partial encryption attempt (prevented)

Personally Identifiable Information:
  • Blackbaud, Inc.: Likely (customer/employee data)
  • Radiant Logistics: Likely (customer/employee data)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration:
  • Sinclair Broadcast Group: Network restoration from backups
  • Blackbaud, Inc.: Expelled threat actor; risk mitigation
  • Mineral Technologies: System restoration ($4 million)
  • Benchmark Electronics: Incident response and recovery

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through:
  • Efforts to contain the attack
  • Faneuil: Systems containment; remediation
  • Radiant Logistics: Systems taken offline

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Ransomware WES0713107102825

Ransom Paid:
  • JBS: $11 million
  • Colonial Pipeline: $4.43 million ($2.3 million recovered)
  • ExaGrid: $2.6 million
  • Blackbaud, Inc.: Undisclosed (ransom paid)

Ransomware Strain:
  • ExaGrid: Conti
  • Mineral Technologies: Egregor

Data Encryption:
  • Blackbaud, Inc.: Partial (prevented full encryption)

Data Exfiltration:
  • Blackbaud, Inc.: Subset of data exfiltrated
  • Radiant Logistics: Customer/employee data exfiltrated

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Efforts to restore the systems.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Ransomware WES0713107102825

Legal Actions:
  • Blackbaud, Inc.: 570 customer claims; lawsuits proceeding (July 2021)

Regulatory Notifications: SEC 8-K filings for material cyber incidents (Sinclair Broadcast Group, Blackbaud, Inc., WestRock Company, Radiant Logistics, Mineral Technologies, Benchmark Electronics, Faneuil)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through: Blackbaud, Inc.: 570 customer claims; lawsuits proceeding (July 2021).

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Ransomware WES0713107102825

Lessons Learned:
  • Ransomware recovery costs extend beyond ransom payments, including legal expenses, remediation, and technical debt redress.
  • Insurance reimbursements can offset but not fully cover financial losses.
  • Publicly traded companies must report material cyber incidents to the SEC (8-K filings).
  • Post-incident security improvements (e.g., MFA) are often accelerated due to increased budgets.
  • Data exfiltration is a common tactic alongside encryption in ransomware attacks.

What recommendations were made to prevent future incidents ?

Incident : Ransomware WES0713107102825

Recommendations: Implement multifactor authentication (MFA) and other delayed security projects proactively. Maintain offline backups to enable recovery without paying ransom. Engage third-party forensic and legal experts early in incident response. Review cyber insurance coverage to ensure adequate protection against ransomware losses. Monitor dark web for signs of stolen data being sold or leaked. Comply with SEC reporting requirements for material cyber incidents (within 4 days, per proposed rules).

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Ransomware recovery costs extend beyond ransom payments, including legal expenses, remediation, and technical debt redress. Insurance reimbursements can offset but not fully cover financial losses. Publicly traded companies must report material cyber incidents to the SEC (8-K filings). Post-incident security improvements (e.g., MFA) are often accelerated due to increased budgets. Data exfiltration is a common tactic alongside encryption in ransomware attacks.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Comply with SEC reporting requirements for material cyber incidents (within 4 days, per proposed rules). Maintain offline backups to enable recovery without paying ransom. Monitor dark web for signs of stolen data being sold or leaked. Implement multifactor authentication (MFA) and other delayed security projects proactively. Review cyber insurance coverage to ensure adequate protection against ransomware losses. Engage third-party forensic and legal experts early in incident response.

References

Where can I find more information about each incident ?

Incident : Ransomware WES0713107102825

Source: CSO Online

Incident : Ransomware WES0713107102825

Source: U.S. Securities and Exchange Commission (SEC) 8-K Filings

URL: https://www.sec.gov/edgar/searchedgar/companysearch.html

Incident : Ransomware WES0713107102825

Source: U.S. Department of Justice (DOJ) Press Release on Colonial Pipeline Ransom Recovery

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: CSO Online; U.S. Securities and Exchange Commission (SEC) 8-K Filings (https://www.sec.gov/edgar/searchedgar/companysearch.html); and U.S. Department of Justice (DOJ) Press Release on Colonial Pipeline Ransom Recovery.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Ransomware WES0713107102825

Investigation Status:
  • Blackbaud, Inc.: Ongoing lawsuits (as of February 2022)
  • Sinclair Broadcast Group: Recovery ongoing; financial impact still fluid (as of reporting date)
  • WestRock Company, Radiant Logistics, Mineral Technologies, Benchmark Electronics, Faneuil: Incident closed; financial reporting completed

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through: Company: Radiant Logistics, Strategy: Proactively engaging affected customers/employees.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Ransomware WES0713107102825

Customer Advisories: Company: Radiant Logistics, Details: Proactively engaging affected customers/employees, Company: Blackbaud, Inc., Details: Notified customers of data breach; offered reimbursement for claims.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Company: Radiant Logistics, Details: Proactively engaging affected customers/employees; Company: Blackbaud, Inc., Details: Notified customers of data breach, offered reimbursement for claims.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Ransomware WES0713107102825

Root Causes: Delayed Security Projects (e.g., MFA Not Implemented), Inadequate Network Segmentation or Backup Strategies, Vulnerabilities in Self-Hosted or Legacy Systems (e.g., Blackbaud’s Private Cloud)

Corrective Actions: Accelerated Security Budget Approvals Post-Incident, Implementation of Delayed Projects (e.g., MFA, Network Segmentation), Enhanced Monitoring and Incident Response Planning, Review of Cyber Insurance Policies

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: Company: Radiant Logistics, Assistance: Forensic experts, IT professionals; Company: Faneuil, Assistance: Legal counsel, leading cybersecurity firms.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Accelerated Security Budget Approvals Post-Incident, Implementation of Delayed Projects (e.g., MFA, Network Segmentation), Enhanced Monitoring and Incident Response Planning, Review of Cyber Insurance Policies.

Additional Questions

General Information

Has the company ever paid ransoms ?

Ransom Payment History: The company has paid ransoms in the past.

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was Fin7.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was in January 2021.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were: 15 million payment cards; Company: Blackbaud, Inc., Data: Subset of data from self-hosted private cloud (customer/employee data); Company: Radiant Logistics, Data: Customer and employee data extracted from servers.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were:
  • ATM machines
  • Point-of-sale systems
  • Company: Sinclair Broadcast Group, Systems: Network (restored from backups)
  • Company: WestRock Company, Systems: IT and operational technology systems
  • Company: Radiant Logistics, Systems: Operational and IT systems (taken offline)
  • Company: Blackbaud, Inc., Systems: Self-hosted private cloud environment
  • Company: Benchmark Electronics, Systems: Customer and employee access systems
  • Company: Faneuil, Systems: Information technology systems

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was: Company: Radiant Logistics, Assistance: Forensic experts, IT professionals; Company: Faneuil, Assistance: Legal counsel, leading cybersecurity firms.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were:
  • Efforts to contain the attack
  • Company: Faneuil, Measures: Systems containment; remediation
  • Company: Radiant Logistics, Measures: Systems taken offline

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were: 15 million payment cards; Company: Blackbaud, Inc., Data: Subset of data from self-hosted private cloud (customer/employee data); Company: Radiant Logistics, Data: Customer and employee data extracted from servers.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 15.0M.

Ransomware Information

What was the highest ransom paid in a ransomware incident ?

Highest Ransom Paid: The highest ransom paid in a ransomware incident was: Company: JBS, Amount: $11 million; Company: Colonial Pipeline, Amount: $4.43 million ($2.3 million recovered); Company: ExaGrid, Amount: $2.6 million; Company: Blackbaud, Inc., Amount: Undisclosed (ransom paid).

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was: Company: Blackbaud, Inc., Actions: 570 customer claims; lawsuits proceeding (July 2021).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that data exfiltration is a common tactic alongside encryption in ransomware attacks.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: Comply with SEC reporting requirements for material cyber incidents (within 4 days, per proposed rules). Maintain offline backups to enable recovery without paying ransom. Monitor dark web for signs of stolen data being sold or leaked. Implement multifactor authentication (MFA) and other delayed security projects proactively. Review cyber insurance coverage to ensure adequate protection against ransomware losses. Engage third-party forensic and legal experts early in incident response.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are U.S. Department of Justice (DOJ) Press Release on Colonial Pipeline Ransom Recovery, U.S. Securities and Exchange Commission (SEC) 8-K Filings and CSO Online.

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.sec.gov/edgar/searchedgar/companysearch.html

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is:
  • Blackbaud, Inc.: Ongoing lawsuits (as of February 2022)
  • Sinclair Broadcast Group: Recovery ongoing; financial impact still fluid (as of reporting date)
  • WestRock Company, Radiant Logistics, Mineral Technologies, Benchmark Electronics, Faneuil: Incident closed; financial reporting completed

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were: Company: Radiant Logistics, Details: Proactively engaging affected customers/employees; Company: Blackbaud, Inc., Details: Notified customers of data breach, offered reimbursement for claims.

Latest Global CVEs (Not Company-Specific)

Description

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.

Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Description

Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Description

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.

Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=westrockcompany' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.