sb-nz logo
Story image

Brewery breach: Not even beer is safe from ransomware

22 Sep 2018

News emerged this week of a Scottish Brewery that had fallen victim to a ransomware attack.

Arran Brewery was locked out of its own computer system after being lured into opening an email attachment that had malicious intent.

Once the system had been hacked, the cybercriminal/s demanded two bitcoins (approx. £9,600) as a ransom to unlock the system – or face losing more than three months of sales data from one of its servers.

It’s interesting to note just how the cybercrimnal/s did it, as this was not just a mass phishing attack but rather a very studied and targeted one. Arran Brewery had been advertising for a genuine job position on various sites.

In light of this, the attacker/s took this ad and disseminated it around the world on other sites to increase the volume of emails with legitimate CV attachments, which they then used as an effective Trojan horse to hide their email with its malicious attachment.

Arran Brewery has come forward to the press and revealed the company declined to make the payment and in doing so lost the aforementioned data. They are now working with an IT consultant to not only eliminate any traces of the virus but also to attempt to restore the lost data.

Exabeam research and innovation VP Barry Shteiman says this kind of attack was inevitable.

“To pay or not to pay, that is the seemingly million-dollar question when it comes to ransomware. The Brewery bravely chose not to pay. While many security experts warn about paying ransoms or entering into negotiations, the answer in reality comes down to simple economics,” says Shteiman.

“If the downtime caused by data being unavailable, or by the backup restoration process is more expensive than paying the ransom, then organisations should pay.  Equally, if giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organisation would pay the ransom.  Of course, this is a last resort, if all other options have been exhausted."

Shteiman says organisations need to work to become more clued up about ransomware attacks.

"In order for cybersecurity teams to detect ransomware early enough in the ransomware lifecycle to stop it, they need to understand the business models used by ransomware network operators, the kill chain of a ransomware attack and how to detect and disrupt ransomware in corporate environments,” says Shteiman.

“Armed with this information, analysts should be able to react faster in the event their organisation is hit with a ransomware infection."

Zerto product marketing director Caroline Seymour holds similar sentiments, asserting this breach proves that nobody is truly safe from ransomware as almost all organisations today rely on their data.

“A recent analyst study determined that 50% of surveyed organisations have suffered an unrecoverable data event in the last three years. For most companies, customer loyalty, company brand and reputation are at risk.  Regrettably, prevention of these attacks is not always possible, but diminishing the threat is,” says Seymour.

“For an industry that reaches as many customers as the beer industry does, it’s critical to take a more dynamic, modern approach to business continuity and disaster recovery (DR). Solutions utilising Continuous Data Protection and hybrid cloud DR can help organisations like Arran Brewery better manage their IT infrastructures and achieve IT Resilience – so that downtime of more than mere seconds becomes a thing of the past and everyone can still enjoy a pint.”

Story image
Over a third of New Zealanders fell victim to cybercrime in the last year
"As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams."More
Link image
Webinar: Securing privileged access to stop attackers in their tracks
Thycotic's immersive webinar will demonstrate how attackers acquire passwords on endpoints and access critical cloud applications — without being detected.More
Story image
Imperva unveils new data security platform built for cloud
"The cloud has revolutionised IT, offering organisations a strategic opportunity to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges."More
Story image
Fortinet: Hyperscaling networks? Hyperscale your security!
Jon McGettigan, Fortinet A/NZ Regional Director, explains why a broad, integrated and automated security fabric is the most effective strategy to protect users, apps and data in a hyperscaling environment.More
Story image
Financial malware activity dropped in 2020 as creators honed their wares
Cybercriminals used the time to plan more malicious propagation techniques, both new and evolved from previous methods.More
Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More