Scottish Brewery Recovers From Ransomware Attack

Trouble ferments after hackers lock system and Arran with it

Staff at Arran Brewery were locked out of its computer systems this week following a ransomware attack.

The attack against the Isle of Arran-based Scottish beer maker appears to have been a targeted strike. Prior to the infection, adverts for an already filled finance post at the brewery were placed on recruitment sites worldwide. This, in turn, resulted in an influx of CVs.

Amidst this, hackers appear to have sent a booby-trapped email message featuring a ransomware payload carried within a PDF file. When an Arran Brewery staffer opened this contaminated email, the brewery's systems were infected.

Cybercriminals demanded 2 bitcoin (£10,227/$13,448 at the time of publication) to hand over the encryption keys needed to recover data. The Scots firm declined to cave in to extortion, even though the decision meant accepting the loss of three months' worth of sales data from one infected server, the BBC reported.

The brewery has drafted in an external IT consultant to help to clean up its network and, where possible, restore data.

The Scottish Sun added that the brewery is back up and running.

A worker at the brewery confirmed the attack to The Reg while asking us to put follow-up questions to its managing director by email. We’ll update this story as more information comes to hand.

Barry Shteiman, VP of research and innovation at Exabeam, said that businesses hit by ransomware are faced with a difficult choice.

“While many security experts warn about paying ransoms or entering into negotiations, the answer in reality comes down to simple economics. If the downtime caused by data being unavailable, or by the backup restoration process, is more expensive than paying the ransom, then organisations should pay.

“Equally, if giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organisation would pay the ransom. Of course, this is a last resort, if all other options have been exhausted,” he added. ®
