Another ransomware attack has struck, but this time the massive attack on AriZona Beverages was targeted.
After more than 200 company-networked computers displayed the message “Your network was hacked and encrypted,” the company’s IT department had to rebuild the network, according to a post from Cloud Management Suite. Infosecurity was unable to reach AriZona Beverages by phone, and the company has not responded to request for comment.
“AriZona Beverages may have been relying on age-old IT systems. In light of this, the news that AriZona Beverages was hit with a ransomware attack last month and subsequently has spent a fortnight rebuilding its network might not come as a massive shock to some,” said Caroline Seymour, VP of product marketing at Zerto.
Some have speculated that the company had Dridex. According to experts at CrowdStrike, if the company had Dridex, then most likely the ransomware package was BitPaymer, which is something that a lot of people aren’t privy to yet. It is also believed that iEncrypt can interchangeably be used with BitPaymer.
CrowdStrike Intelligence tracks INDRIK SPIDER, a sophisticated e-crime group that has been actively developing the Dridex malware since early 2014, though it was first publicly reported in July 2014, according to Adam Meyers, VP of intelligence.
“It has evolved into an affiliate model where there are multiple customers/users of Dridex who use it for various purposes. Initially it was used to steal credentials to enable wire fraud, but since 2017 it is more commonly observed running more targeted and higher value operations. CrowdStrike Intelligence has observed this malware being used to deploy enterprise ransomware, which we call ‘Big Game Hunting.’”
With daily revelations of ransomware, the threat of a large scale attack – the possibility of which was suggested in a recent Lloyd’s of London report – looms large. The report poses a scenario in which a large-scale attack launched through an infected email is forwarded to all of the recipient’s contacts and able to encrypt the data of 30 million devices within 24 hours.
“Despite the high costs to business, the report shows the global economy is underprepared for such an attack with 86% of the total economic costs uninsured, leaving an insurance gap of $166bn,” the report said.
The potential volume of unreported attacks is of great concern to industry experts. “For every one reported attack,” said Marcus Chung, CEO at BoldCloud, “it is likely there are at least 5–10 unreported ransomware attacks. It is also very likely that some of these attacks are targeted and simply attempts to gain insights and intelligence towards identifying soft targets and possibly entire industries. Now, more than ever, it is more important to take a proactive approach towards protecting your data!”