Story image

Brewery breach: Not even beer is safe from ransomware

22 Sep 2018

News emerged this week of a Scottish Brewery that had fallen victim to a ransomware attack.

Arran Brewery was locked out of its own computer system after being lured into opening an email attachment that had malicious intent.

Once the system had been hacked, the cybercriminal/s demanded two bitcoins (approx. £9,600) as a ransom to unlock the system – or face losing more than three months of sales data from one of its servers.

It’s interesting to note just how the cybercrimnal/s did it, as this was not just a mass phishing attack but rather a very studied and targeted one. Arran Brewery had been advertising for a genuine job position on various sites.

In light of this, the attacker/s took this ad and disseminated it around the world on other sites to increase the volume of emails with legitimate CV attachments, which they then used as an effective Trojan horse to hide their email with its malicious attachment.

Arran Brewery has come forward to the press and revealed the company declined to make the payment and in doing so lost the aforementioned data. They are now working with an IT consultant to not only eliminate any traces of the virus but also to attempt to restore the lost data.

Exabeam research and innovation VP Barry Shteiman says this kind of attack was inevitable.

“To pay or not to pay, that is the seemingly million-dollar question when it comes to ransomware. The Brewery bravely chose not to pay. While many security experts warn about paying ransoms or entering into negotiations, the answer in reality comes down to simple economics,” says Shteiman.

“If the downtime caused by data being unavailable, or by the backup restoration process is more expensive than paying the ransom, then organisations should pay.  Equally, if giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organisation would pay the ransom.  Of course, this is a last resort, if all other options have been exhausted."

Shteiman says organisations need to work to become more clued up about ransomware attacks.

"In order for cybersecurity teams to detect ransomware early enough in the ransomware lifecycle to stop it, they need to understand the business models used by ransomware network operators, the kill chain of a ransomware attack and how to detect and disrupt ransomware in corporate environments,” says Shteiman.

“Armed with this information, analysts should be able to react faster in the event their organisation is hit with a ransomware infection."

Zerto product marketing director Caroline Seymour holds similar sentiments, asserting this breach proves that nobody is truly safe from ransomware as almost all organisations today rely on their data.

“A recent analyst study determined that 50% of surveyed organisations have suffered an unrecoverable data event in the last three years. For most companies, customer loyalty, company brand and reputation are at risk.  Regrettably, prevention of these attacks is not always possible, but diminishing the threat is,” says Seymour.

“For an industry that reaches as many customers as the beer industry does, it’s critical to take a more dynamic, modern approach to business continuity and disaster recovery (DR). Solutions utilising Continuous Data Protection and hybrid cloud DR can help organisations like Arran Brewery better manage their IT infrastructures and achieve IT Resilience – so that downtime of more than mere seconds becomes a thing of the past and everyone can still enjoy a pint.”

Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.