Massive Ransomware Attack Strikes Arizona Beverages
Arizona Beverages recently suffered a massive ransomware attack that compromised hundreds of computers and servers.
Known for its iced teas, the New York-based distributor became aware of the incident when more than 200 of the company’s networked computers began displaying the same message last month: “Your network was hacked and encrypted.”
Many of the company’s devices were running outdated Windows operating systems and hadn’t received patches in years. The IT staff had to effectively rebuild the entire network from the ground up, spending over six figures in hardware and recovery costs.
The ransomware is thought to be iEncrypt, a strain similar to BitPaymer. It was activated on March 21, several weeks after Arizona received an FBI warning about a Dridex malware infection. Responders believe Arizona’s systems had been compromised for several months.
Dridex is delivered through an email attachment. Because it gives attackers complete network access, it allows them to steal passwords, monitor traffic, and deliver more malware. Incident responders believe Arizona’s previous Dridex compromise resulted in the latest ransomware infection.
The outbreak also affected Arizona’s Exchange server, disabling email throughout the company. Without any computers to process customer orders for a week, the company was losing millions of dollars a day in sales.
Important Tip for Any Ransomware Attack
As soon as your organization completes an emergency response to a breach, contact your insurance company and a lawyer who specializes in IT security, and let them hire all the IT security investigators.
By letting your lawyers hire the IT security investigators, the results of the investigations become privileged information, legally limiting who can access details about what happened.
Using a tool like Syxsense Realtime Security can actively prevent breaches before they spread. Receive live, accurate data from thousands of devices in under 10 seconds, then instantly detect running .exes, malware or viruses and kill those processes before they spread.