American toy manufacturing giant Mattel this week revealed that it fell victim to a ransomware attack that impacted some of its operations. Founded in 1945 and headquartered in El Segundo, California, Mattel is one of the largest toy sellers in terms of revenue, with its operations divided into three segments, namely North America, International, and American Girl. Mattel sells products such as Barbie, Fisher-Price, Monster High, American Girl, Polly Pocket, and Hot Wheels in 150 countries, and has a presence in 40 countries.
In a 10-Q form filed with the Securities and Exchange Commission (SEC) this week, the toy maker revealed that, earlier this year, it fell victim to a ransomware attack. “On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted,” the company said in the SEC filing.
“Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations,” the company wrote.
The report is interesting precisely because the attack didn’t actually damage the company. Given that a single variant of the NetWalker ransomware cost victims $25 million this year while another infection effectively killed a patient in a German hospital, the fact that Mattel skirted real damage is encouraging and/or lucky.
“A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified,” the company wrote. “There has been no material impact to Mattel’s operations or financial condition as a result of the incident.”
Mattel did not provide information on the ransomware family involved in the incident, but cyber threat analysts suspect that Ryuk operators might have been involved, following a TrickBot infection.
The U.S. saw 145.2 million ransomware attacks, a 139% increase year-over-year, according to security firm HelpNetSecurity. The most popular ransomware this year, Ryuk, attacked 67.3 million machines alone, a massive number. A site called NoMoreRansom is aimed at helping companies like Mattel and others crack ransomware attacks before they become a real internal problem. Many organizations are beyond help without backups or a high degree of luck.
The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to success. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.
Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. There are extensive reports on many of the threats mentioned in this article that can be found at https://redskyalliance.org. There is no charge for these reports and articles posted.
What can you do to better protect your organization today?
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Implement 2-Factor authentication company wide.
- Join and become active in your local Infragard chapter; there is no charge for membership. infragard.org
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily cyber threat notifications directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network. Ransomware protection is included at no charge for RedXray customers.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org.