Cyber threat actors must hate children this year. Ferrara Candy the company that makes Nerds, Laffy Taffy, Now and Laters, SweetTarts, Jaw Busters, Nips, Runts and Gobstoppers announced that it was hit with a ransomware attack just weeks before it prepares for one of its biggest holidays, Halloween. The Illinois-based company released a statement that on 09 October 2021, they "disrupted a ransomware attack" that encrypted some of their systems.
"Upon discovery, we immediately responded to secure all systems and commence an investigation into the nature and scope of this incident. Ferrara is cooperating with law enforcement, and our technical team is working closely with third-party specialists to restore impacted systems as expeditiously fully and as safely as possible," Ferrara said in a statement. "We have resumed production in select manufacturing facilities, and we are shipping from all of our distribution centers across the country, near to capacity. We are also now working to process all orders in our queue. We want to assure consumers that Ferrara's Halloween products are on shelves at retailers across the country ahead of the holiday." Ferrara did not say if it paid a ransom or what ransomware group attacked their systems.
Danny Lopez, CEO of cybersecurity company Glasswall, said it was likely no coincidence that attackers hit a candy company's supply chain just before Halloween knowing full well the urgency and demand at this time of year would have increased the likelihood that they would get the payment desired.
Cerberus Sentinel vice president Chris Clements added that the situation was more evidence that every company needs to plan for a "worst-case scenario" like a ransomware attack.
But even as organizations increase their defenses, ransomware actors are changing their methods as well. "One such tactic is understanding when is likely to be the victim's busiest season that can least afford systems downtime and waiting until that has begun to launch their ransomware attack. A compromised business that does not detect the attacker on day 1 is unlikely to detect the attacker on day 90, especially if the attacker is simply waiting for the opportune time to launch their ransomware," Clements said. "By doing so, cybercriminals can make any service disruptions and restoration delays maximally painful to their victim to further coerce them to pay the extortion demand rather than attempt to restore systems or data themselves."
It is up to all organizations to take steps and adopt procedures to protect themselves from ransomware attacks. And keep evil doers from depriving trick or treaters from their favorite candy on Halloween.
The following is what Red Sky Alliance recommends:
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Implement 2-Factor authentication-company wide.
- For USA readers, join and become active in your local Infragard chapter, there is no charge for membership. infragard.org
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, with having to connect to your network.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
https://www.redskyalliance.org/
https://www.wapacklabs.com/
https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
https://www.zdnet.com/article/illinois-candy-giant-hit-with-ransomware-weeks-before-halloween/
Comments