Ransomware remains one of the most damaging threats facing businesses. These attacks have grown in sophistication over the past five years, and victims reported more than $3.6 million in ransomware losses to the FBI's Internet Crime Complaint Center in 2018 alone, a figure that counts only reported incidents and leaves out the far larger costs of downtime and recovery. Even though the overall volume of ransomware activity decreased in 2018, the attacks have become better targeted, more lucrative and more damaging to enterprise networks.
Brooklyn-based Arizona Beverages, known for its popular iced tea drinks, joined the ranks of major ransomware attack victims in early 2019. According to a TechCrunch report on the iEncrypt strain of ransomware, more than 200 of Arizona Beverages' servers and endpoints had their files encrypted after the company's systems had been compromised, probably for at least a couple of months, in a Dridex malware infection.
High Costs from Halted Sales and Disrupted Operations
Sources indicate the company’s network needed to be rebuilt from the ground up in the wake of the attack. It took more than two weeks for Arizona Beverages’ IT team to restore normal sales and operational procedures, and required the help of an outside incident responder brought in on a contract basis.
Arizona Beverages’ primary email server was also impacted by the attack. They relied on Microsoft Exchange to handle internal email communications and customer order processing, and were unable to complete orders for several days after the incident. Arizona Beverages’ team then began processing orders manually, but was “losing millions of dollars a day in sales,” sources say.
The company is also reported to have spent hundreds of thousands of dollars on new hardware and upgraded software following the incident.
Unpatched Servers and Unverified Backup Capabilities Compounded Vulnerability
Arizona Beverages' flagship product may be an old-fashioned American classic, but keeping hardware and software current and regularly patched is fundamental to any network's security. Reporting on the incident indicates that Arizona Beverages was relying on outdated legacy systems that were no longer supported by Microsoft, and that most of its servers hadn't received security updates in a number of years. An operating system past its end of support receives no fixes at all, so every vulnerability found in it after that date stays open until the machine is replaced or isolated.
According to sources, Arizona Beverages' IT team discovered soon after the attack that their backup systems had been improperly configured. Without assistance from an outside service provider, they were unable to restore from these backups, which strongly suggests that their disaster recovery capabilities had never been tested in a meaningful way. A backup only counts once someone has actually restored from it and confirmed that the restored data is complete and intact; a job that runs on schedule and reports success proves nothing on its own.
This mistake is all too common among today’s businesses. A majority (52%) of respondents in the recent State of Cloud and Data Protection Survey test their disaster recovery plans once a year or not at all—a rate that’s much too infrequent to guarantee that backup systems will truly protect data and ensure business continuity in the event of a cyberattack.
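The restore test the two paragraphs above call for can be automated. The script below is an added example, not code from the article or from Arizona Beverages: it backs up a constructed sample directory to a tar archive, restores that archive into a scratch directory, and compares a SHA-256 hash of every source file with its restored copy. The sample files and the deliberately incomplete archive in demo() are constructed for the demonstration; in practice the source would be the production data set and the archive would come from the real backup job.

```python
"""Restore-and-verify check for a backup archive (added example, not the article's code).

Guards against the failure the article describes: a backup job that runs but has
never been restored from. All sample data below is constructed for the demonstration.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large database files don't have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source: Path, archive: Path) -> None:
    """A simple full backup: the whole source tree into one gzip'd tar."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")


def verify_restore(source: Path, archive: Path) -> dict:
    """Restore `archive` into a fresh scratch directory and diff it against `source`.

    The report's 'ok' flag is the only thing a recovery plan should rely on.
    """
    expected = hash_tree(source)
    with tempfile.TemporaryDirectory() as scratch:
        restore_dir = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    # The 'data' filter refuses path traversal, absolute paths and
                    # device/link tricks (Python 3.12+, backported to late 3.8-3.11).
                    tar.extractall(restore_dir, filter="data")
                except TypeError:  # interpreter without the filter argument
                    tar.extractall(restore_dir)
        except (tarfile.TarError, OSError) as exc:
            return {"ok": False, "error": f"restore failed: {exc}",
                    "missing": sorted(expected), "mismatched": [], "extra": []}
        restored = hash_tree(restore_dir)

    missing = sorted(set(expected) - set(restored))
    extra = sorted(set(restored) - set(expected))
    mismatched = sorted(f for f in expected if f in restored and expected[f] != restored[f])
    return {"ok": not (missing or extra or mismatched), "error": None,
            "missing": missing, "mismatched": mismatched, "extra": extra}


def demo() -> tuple:
    """Constructed scenario: one sound backup and one whose job silently skipped a directory."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "orders"
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.sqlite").write_bytes(os.urandom(4096))  # stand-in for a database file
        (src / "config.ini").write_text("[mail]\nserver=exchange.example.internal\n")

        good = work / "good.tar.gz"
        make_backup(src, good)
        good_report = verify_restore(src, good)

        # A misconfigured job: backs up the config file but excludes db/, the part that matters.
        bad = work / "bad.tar.gz"
        with tarfile.open(bad, "w:gz") as tar:
            tar.add(src / "config.ini", arcname="./config.ini")
        bad_report = verify_restore(src, bad)
        return good_report, bad_report


if __name__ == "__main__":
    for name, report in zip(("complete backup", "incomplete backup"), demo()):
        print(name, "->", "OK" if report["ok"] else f"FAILED {report}")
```

Run on a schedule, the check turns "the backup job succeeded" into "the backup can be restored and matches production", which is the question that actually matters when the primary systems are encrypted. The restore target should be an isolated scratch host, and the archives themselves should be kept where a compromised domain account cannot reach them.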
Malware Infections Often Pave the Way for Future Attacks
In this case, Arizona Beverages had reportedly been warned that their systems had been infected with the Dridex strain of malware a few weeks before the ransomware attack. Dridex is usually distributed through a malicious email attachment, typically a Word document whose macros fetch the malware when the recipient enables them. It began as a banking trojan aimed at the financial industry, stealing online-banking credentials and installing additional malware to facilitate fraudulent funds transfers. Today, it's known to be a delivery mechanism for highly targeted enterprise ransomware.
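Because the Word-attachment lure is the usual entry point, a mail gateway or triage script should flag attachments that contain a VBA project before anyone can enable macros. The check below is an added example, not code from the article or from any product named in it. It relies on the fact that an OOXML document is a zip container in which a macro-enabled document stores its macros in word/vbaProject.bin (xl/ and ppt/ for Excel and PowerPoint) and declares a "macroEnabled" content type in [Content_Types].xml, and it checks those markers rather than trusting the file extension. The documents produced by _build_docx() are minimal constructed stand-ins, not real files.

```python
"""Flag Office attachments that carry VBA macros (added example, not the article's code).

Inspects OOXML containers for a VBA project and a macro-enabled content type, ignoring
the file extension. Sample documents are constructed in memory for the demonstration.
"""
import io
import zipfile

MACRO_ENABLED_MARKER = "macroEnabled"


def inspect_office_attachment(data: bytes) -> dict:
    """Return findings and a verdict ('allow' or 'quarantine') for one attachment blob."""
    findings = {"is_ooxml": False, "has_vba_project": False,
                "macro_enabled_type": False, "verdict": "allow"}
    if not data.startswith(b"PK\x03\x04"):
        # Not a zip container. Legacy binary .doc/.xls (OLE2) files need a separate
        # check for their macro storage and are out of scope here.
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            findings["is_ooxml"] = "[Content_Types].xml" in names
            findings["has_vba_project"] = any(
                n.lower().endswith("/vbaproject.bin") for n in names)
            if findings["is_ooxml"]:
                types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                findings["macro_enabled_type"] = MACRO_ENABLED_MARKER in types_xml
    except zipfile.BadZipFile:
        # A container the library cannot parse is what evasion looks like: hold it.
        findings["verdict"] = "quarantine"
        return findings
    if findings["has_vba_project"] or findings["macro_enabled_type"]:
        findings["verdict"] = "quarantine"
    return findings


def _build_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML stand-in; only the parts the scanner looks at are present."""
    plain = ("application/vnd.openxmlformats-officedocument"
             ".wordprocessingml.document.main+xml")
    macro = "application/vnd.ms-word.document.macroEnabled.main+xml"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types><Override PartName="/word/document.xml" '
                    f'ContentType="{macro if with_macro else plain}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed stub standing in for a real compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


def demo() -> dict:
    """Three constructed attachments: a plain docx, a macro document given a .docx name, a PDF."""
    return {
        "invoice.docx": inspect_office_attachment(_build_docx(with_macro=False)),
        "invoice_renamed.docx": inspect_office_attachment(_build_docx(with_macro=True)),
        "invoice.pdf": inspect_office_attachment(b"%PDF-1.4 constructed stub"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result['verdict']} {result}")
```

The scanner's point is the second sample: the file is named like an ordinary document, but the container still carries a VBA project and the macro-enabled content type, so it is quarantined. Extension-based filters miss exactly this case. PDFs and legacy OLE2 documents fall through as "allow" here only because this check does not cover them; a gateway needs separate rules for those formats.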
This pattern, in which an apparently routine malware infection is followed by a far more serious attack, is common: the first infection gives an operator a foothold and credentials, and the ransomware is deployed only after they have mapped the network. That's why it's critical to investigate every security incident you learn about thoroughly, establishing how the malware arrived, what it downloaded, which accounts it ran under and which other machines it reached, rather than simply cleaning the one host that raised the alert.
In today’s cybersecurity landscape, ransomware poses a serious threat to every business. Taking a proactive approach is the key to reducing this risk. You can learn more about disaster recovery planning and reliable backup solutions by consulting a technology partner who understands your organization’s unique needs.