Scottish Brewery Recovered from Ransomware Attack
It’s a new week, and the folks at Arran Brewery in Scotland are likely drinking to that after last week’s ransomware attack took their computer systems offline. The brewery has reportedly recovered from what managing director Gerald Michaluk believes was a targeted Dharma Bip ransomware attack.
Arran staff received what they thought was a cover letter as part of a job application, but the email attachment contained malware, according to the BBC. Why the application was submitted in the first place is what seems suspicious.
In the aftermath of a legitimate job posting, the position had been filled, yet the listing reportedly reappeared on multiple recruitment sites. Apparently the position was quite desirable, because the fraudulent post resulted in an influx of applications from candidates around the world, creating a bit of email chaos. Hackers leveraged the surge in emails and sent an infected message containing the ransomware payload within a PDF.
Once the malicious email was opened, the systems became infected, at which point the attackers demanded two Bitcoins to have the system files restored. Knowing that it would lose three months of sales records, Arran reportedly decided not to pay and instead brought in external experts to enhance its cybersecurity strategies, according to The Scottish Sun.
"To pay or not to pay, that is the seemingly million-dollar question when it comes to ransomware,” said Barry Shteiman, VP of research and innovation at Exabeam. “While many security experts warn about paying ransoms or entering into negotiations, the answer, in reality, comes down to simple economics.”
One reason many companies choose to pay the ransom is the losses incurred during downtime when data is unavailable. In other cases, restoring backups may be more expensive than paying the ransom.
“If giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organization would pay the ransom. Of course, this is a last resort, if all other options have been exhausted,” Shteiman said.
Arran opted not to pay. “We chose to bring in an expert who having identified the problem was able to eliminate the virus and restore part of our system, and is confident in due course when the key is cracked will be able to restore the lost data,” Michaluk told The Scottish Sun.
“I hope if anyone finds themselves in a similar position they can recognize the MO of these bandits and not have the same issues we have had.”
Source: Information Security Magazine