bleepingcomputer.com
By Bill Toulas
March 3, 2026
The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites.
Following a data leak from the Anubis ransomware gang, a company spokesperson said that the intrusion has been contained and that the impact is limited.
“AkzoNobel has identified a security incident at one of our sites in the United States. The incident was limited to the respective site and was already contained,” the company told BleepingComputer.
“The impact is limited, and we are taking the appropriate steps to notify and support impacted parties, and will work closely with relevant authorities.”
AkzoNobel is a major paints and coatings company with 35,000 employees. It has an annual revenue exceeding $12 billion and active operations in over 150 countries. Brands under its corporate umbrella include Dulux, Sikkens, International, and Interpon.
Anubis ransomware claims to have stolen from AkzoNobel 170GB of data, almost 170,000 files, and leaked on its leak site samples that include screenshots of select documents and a list of the stolen files.
The published data contains confidential agreements with high-profile clients, email addresses and phone numbers, private email correspondence, passport scans, material testing documents, and internal technical specification sheets.
At the time of writing, the Anubis leak is only partial. AkzoNobel did not share with BleepingComputer any information on whether it engaged with the threat actor.
Anubis is a ransomware-as-a-service (RaaS) operation that launched in December 2024, offering affiliates 80% of the paid ransoms.
In February 2025, the operators launched an affiliate program on the RAMP forum, boosting its activity and influence in the cybercrime space.
In June the same year, Anubis added to its arsenal a data wiper that destroys the victim’s files to make recovery impossible.
The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands.
The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.
The new NoEscape ransomware operation is believed to be a rebrand of Avaddon, a ransomware gang that shut down and released its decryption keys in 2021.
A new ransomware gang named 'Money Message' has appeared, targeting victims worldwide and demanding million-dollar ransoms not to leak data and release a decryptor.
A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands.
In this week's Ransomware Roundup, FortiGuardLabs covers Trigona ransomware along with protection recommendations. Read the blog to find out more.
