Story image

Brewery breach: Not even beer is safe from ransomware

22 Sep 18

News emerged this week of a Scottish Brewery that had fallen victim to a ransomware attack.

Arran Brewery was locked out of its own computer system after being lured into opening an email attachment that had malicious intent.

Once the system had been hacked, the cybercriminal/s demanded two bitcoins (approx. £9,600) as a ransom to unlock the system – or face losing more than three months of sales data from one of its servers.

It’s interesting to note just how the cybercrimnal/s did it, as this was not just a mass phishing attack but rather a very studied and targeted one. Arran Brewery had been advertising for a genuine job position on various sites.

In light of this, the attacker/s took this ad and disseminated it around the world on other sites to increase the volume of emails with legitimate CV attachments, which they then used as an effective Trojan horse to hide their email with its malicious attachment.

Arran Brewery has come forward to the press and revealed the company declined to make the payment and in doing so lost the aforementioned data. They are now working with an IT consultant to not only eliminate any traces of the virus but also to attempt to restore the lost data.

Exabeam research and innovation VP Barry Shteiman says this kind of attack was inevitable.

“To pay or not to pay, that is the seemingly million-dollar question when it comes to ransomware. The Brewery bravely chose not to pay. While many security experts warn about paying ransoms or entering into negotiations, the answer in reality comes down to simple economics,” says Shteiman.

“If the downtime caused by data being unavailable, or by the backup restoration process is more expensive than paying the ransom, then organisations should pay.  Equally, if giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organisation would pay the ransom.  Of course, this is a last resort, if all other options have been exhausted."

Shteiman says organisations need to work to become more clued up about ransomware attacks.

"In order for cybersecurity teams to detect ransomware early enough in the ransomware lifecycle to stop it, they need to understand the business models used by ransomware network operators, the kill chain of a ransomware attack and how to detect and disrupt ransomware in corporate environments,” says Shteiman.

“Armed with this information, analysts should be able to react faster in the event their organisation is hit with a ransomware infection."

Zerto product marketing director Caroline Seymour holds similar sentiments, asserting this breach proves that nobody is truly safe from ransomware as almost all organisations today rely on their data.

“A recent analyst study determined that 50% of surveyed organisations have suffered an unrecoverable data event in the last three years. For most companies, customer loyalty, company brand and reputation are at risk.  Regrettably, prevention of these attacks is not always possible, but diminishing the threat is,” says Seymour.

“For an industry that reaches as many customers as the beer industry does, it’s critical to take a more dynamic, modern approach to business continuity and disaster recovery (DR). Solutions utilising Continuous Data Protection and hybrid cloud DR can help organisations like Arran Brewery better manage their IT infrastructures and achieve IT Resilience – so that downtime of more than mere seconds becomes a thing of the past and everyone can still enjoy a pint.”

Comms providers hit by most DDoS attacks in Q3 2018
New data indicates attackers preyed on the large attack surface of ASN-level communications service providers with a ‘bit-and-piece’ approach.
Check Point launches hyperscale network security solution
With Check Point Maestro, organisations can scale up their existing Check Point security gateways on demand.
Should AI technology determine the necessity for cyber attack responses?
Fujitsu has developed an AI that supposedly automatically determines whether action needs to be taken in response to a cyber attack.
Trend Micro’s telecom security solution certified as VMware-ready
Certification by VMware allows communications service providers who prefer or have already adopted VMware vCloud NFV to add network security services from Trend Micro.
Frost & Sullivan honours Honeywell's IIoT value creation
Frost & Sullivan has awarded Honeywell with the 2018 Global Customer Value Leadership Award for its work protecting industrial internet of things (IIoT) customers.
Top cybersecurity threats of 2019 – Carbon Black
Carbon Black chief cybersecurity officer Tom Kellermann combines his thoughts with those of Carbon Black's threat analysts and security strategists.
Google's €50m fine a wake up call for big data analytics
Data analytics are essential to company growth, competitive differentiation, and innovation. But there’s now a huge challenge.
UK security startup Barac sets sights on America
“Malware hidden in encrypted traffic is one of the biggest threats organisations are facing today,” says new EVP global sales.