Story image

Brewery breach: Not even beer is safe from ransomware

22 Sep 2018

News emerged this week of a Scottish Brewery that had fallen victim to a ransomware attack.

Arran Brewery was locked out of its own computer system after being lured into opening an email attachment that had malicious intent.

Once the system had been hacked, the cybercriminal/s demanded two bitcoins (approx. £9,600) as a ransom to unlock the system – or face losing more than three months of sales data from one of its servers.

It’s interesting to note just how the cybercrimnal/s did it, as this was not just a mass phishing attack but rather a very studied and targeted one. Arran Brewery had been advertising for a genuine job position on various sites.

In light of this, the attacker/s took this ad and disseminated it around the world on other sites to increase the volume of emails with legitimate CV attachments, which they then used as an effective Trojan horse to hide their email with its malicious attachment.

Arran Brewery has come forward to the press and revealed the company declined to make the payment and in doing so lost the aforementioned data. They are now working with an IT consultant to not only eliminate any traces of the virus but also to attempt to restore the lost data.

Exabeam research and innovation VP Barry Shteiman says this kind of attack was inevitable.

“To pay or not to pay, that is the seemingly million-dollar question when it comes to ransomware. The Brewery bravely chose not to pay. While many security experts warn about paying ransoms or entering into negotiations, the answer in reality comes down to simple economics,” says Shteiman.

“If the downtime caused by data being unavailable, or by the backup restoration process is more expensive than paying the ransom, then organisations should pay.  Equally, if giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organisation would pay the ransom.  Of course, this is a last resort, if all other options have been exhausted."

Shteiman says organisations need to work to become more clued up about ransomware attacks.

"In order for cybersecurity teams to detect ransomware early enough in the ransomware lifecycle to stop it, they need to understand the business models used by ransomware network operators, the kill chain of a ransomware attack and how to detect and disrupt ransomware in corporate environments,” says Shteiman.

“Armed with this information, analysts should be able to react faster in the event their organisation is hit with a ransomware infection."

Zerto product marketing director Caroline Seymour holds similar sentiments, asserting this breach proves that nobody is truly safe from ransomware as almost all organisations today rely on their data.

“A recent analyst study determined that 50% of surveyed organisations have suffered an unrecoverable data event in the last three years. For most companies, customer loyalty, company brand and reputation are at risk.  Regrettably, prevention of these attacks is not always possible, but diminishing the threat is,” says Seymour.

“For an industry that reaches as many customers as the beer industry does, it’s critical to take a more dynamic, modern approach to business continuity and disaster recovery (DR). Solutions utilising Continuous Data Protection and hybrid cloud DR can help organisations like Arran Brewery better manage their IT infrastructures and achieve IT Resilience – so that downtime of more than mere seconds becomes a thing of the past and everyone can still enjoy a pint.”

Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."