The BlackCat ransomware group left a message on its dark web portal, claiming responsibility for the Tempur Sealy cyber attack.
In the message, the ransomware group went on a lengthy rant about the company’s failure to respond to their demands. Tempur Sealy International, known for manufacturing mattresses and bedding products, is based in Lexington, Kentucky.
Tempur Sealy cyber attack
Screenshot of ALPHV ransomware website (Photo: Vx-Underground/ Twitter)
In July, news of the Tempur Sealy cyber attack surfaced without any specific group claiming responsibility.
In a report to the U.S. Securities and Exchange Commission, Bhaskar Rao, Chief Financial Officer, revealed that Tempur Sealy’s operations were impacted by a security incident that commenced on July 23, 2023.
What ALPHV hackers said about the Tempur Sealy ransomware attack
The ALPHV or BlackCat ransomware group claimed to have gained access to the systems of Tempur Sealy International for several weeks.
“While we initially intended to keep this quiet, circumstances have led us to share this information with you today,” the hackers wrote on their website on the dark web.
The ransomware group addressed a message to “Mr. Vakil,” the General Counsel for Tempur Sealy, stating that several days had elapsed since the company became aware of the ransomware attack. Despite this, Tempur Sealy had not made any public announcement regarding the cyber attack.
“This might suggest a certain level of discord within your leadership team,” the hackers added. The group wrote that the Tempur Sealy cyber attack message on their dark web portal was to make it easier on the targeted company to release a public disclosure.
ALPHV shared a few samples of documents exfiltrated during the Tempur Sealy International ransomware attack. “When you choose to disclose this information to the public, you can use these samples to accurately describe what has been taken,” BlackCat added.
Screenshot of the Tempur Sealy attack post (Photo: Dominic Alvieri/ Twitter)
The group threatened to leak the stolen data from the Tempur Sealy database if the company did not make a public disclosure soon.
Sceenshot of ALPHV hacker’s dark web portal (Photo: Falcon Feeds/ Twitter)
ALPHV ransomware hackers claimed to have plenty more data besides the released samples and stated that they were awaiting response about their ransom demands from the company.
The group claimed to have the following data from the cyber attack on Tempur Sealy –
1. Dynamics AX
2. Last four digits of card numbers for orders
3. Coupon usage
4. Internal banking transactions
The hackers claimed that the data from Tempur Sealy was shared with ‘other players in this scenario,’ via a private Gmail account.
BlackCat’s note to Mo Vakil from the Tempur Sealy International
The second part of the message from the BlackCat hackers revealed they had unrestricted access to Mo Vakil’s computer, which also includes his communications with external counsel.
The hackers of ALPHV ransomware group claimed to have access to many other high-level employees after they exfiltrated all the data.
ALPHV emailed the company with their demands after launching the Tempur Sealy cyber attack however, the company did not respond for a week. “..but we were privy to the meeting where they discussed our messages,” concluded the dark web post about the Tempur Sealy cyber attack.
ALPHV claims Tempur Sealy engaged Arctic Wolf for Incident Response and Managed Detection, utilizing their Endpoint Detection and Response (EDR) Services
The impacted website was accessible at the time of writing after the Tempur Sealy cyber attack. The Cyber Express emailed the bedding manufacturer. We will update this report based on their reply.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.