Simpson Manufacturing shuts down IT systems after cyberattack

Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue.

Simpson Manufacturing is an American building and structural materials producer and one of North America's dominant makers of structural connectors and anchors, with 5,150 employees and annual net sales of $2.12 billion (2022).

The company states it detected IT problems and application outages this past Tuesday, which it soon realized were caused by a cyberattack. In response to the situation, Simpson took all impacted systems offline to prevent the attack's spread.

"On October 10, 2023, Simpson Manufacturing Co., Inc. experienced disruptions in its Information Technology (IT) infrastructure and applications resulting from a cybersecurity incident," reads the statement.

"After becoming aware of the malicious activity, the Company began taking steps to stop and remediate the activity, including taking certain systems offline."

The statement further clarifies that the ongoing remediation process may take some time. As a result, the pause in business operations will persist.

Lengthy disruptions typically result from ransomware attacks that are complex to remediate as they involve data encryption, rendering key systems and apps unusable.

Also, the possibility of data theft would be a significant concern, as Simpson Manufacturing is a leader in its industry, potentially holding large amounts of proprietary information.

The firm operates seven laboratories for testing new designs and materials and holds over two thousand patents and trademarks.

However, the type of cybersecurity incident impacting Simpson Manufacturing has not yet been determined, and no ransomware groups have taken responsibility for an attack on the firm.

The company says it has engaged leading third-party experts to aid its investigation and recovery, but both are in their initial stages.

The announcement of the cyberattack, which led to the suspension of business operations, has not negatively affected the company's stock trading performance yet.

BleepingComputer has contacted Simpson Manufacturing with a request for additional information regarding the nature of the cybersecurity incident, and we will update this post as soon as we hear back.