Dive Brief:
- Arizona Beverages is recovering from a ransomware attack that compromised more than 200 Windows computers and servers and stifled its sales operations, reports TechCrunch. The attack hit about two weeks ago.
- The ransomware is likely iEncrypt. It hit the company's network on March 21, shortly after the FBI had warned the company about a Dridex infection; Dridex typically arrives as an email attachment, according to TechCrunch. The FBI believes the malware had been present in Arizona's systems for two months before the ransomware was triggered.
- The company brought in Cisco contractors for incident response after discovering that its backup system had not been configured properly. Arizona's IT organization had to rebuild the network, according to TechCrunch, and racked up "hundreds of thousands" of dollars in hardware, software and recovery-related expenses.
Dive Insight:
Arizona's recovery may not demand the "herculean" effort other ransomware victims have faced, but the incident puts added pressure on security fundamentals. An employee clicking a malicious email attachment is just one more worry for the 79% of IT leaders who say they have employees who unintentionally invite risk into the organization.
Dridex is pushed through spam campaigns, and nearly three-quarters of those campaigns use real company identities in the sender address, according to a 2016 Symantec report on the malware. Many of the malicious attachments pose as invoices, receipts and orders.
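As an added illustration (not part of this brief, nor of the Symantec or TechCrunch reporting it cites), the following Python triage routine applies the two Dridex lure traits described above to a raw message: a sender identity that borrows a real company's name but does not line up with the envelope sender or pass SPF/DKIM/DMARC, and an Office attachment named like an invoice, receipt or order. The two sample messages, the lure-word list, the macro-capable extension list and the quarantine rule are constructed assumptions for this example, not data from any reported campaign.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real capture): the display name borrows a supplier's
# identity, the envelope sender is a look-alike domain, SPF fails, and the
# attachment is a legacy Word document named like an invoice.
DRIDEX_STYLE_EML = """\
Return-Path: <billing@acme-supplies-invoices.example>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=acme-supplies-invoices.example; dkim=none
From: "ACME Supplies Billing" <billing@acme-supplies.example>
To: ap@example.org
Subject: Invoice 48213 overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find the overdue invoice attached.
--b1
Content-Type: application/msword; name="Invoice_48213.doc"
Content-Disposition: attachment; filename="Invoice_48213.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed benign sample: aligned domains, authenticated, PDF attachment.
BENIGN_EML = """\
Return-Path: <reports@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass
From: "Finance Team" <reports@example.org>
To: ap@example.org
Subject: Q3 report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Quarterly report attached.
--b2
Content-Type: application/pdf; name="Q3_Report.pdf"
Content-Disposition: attachment; filename="Q3_Report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b2--
"""

# Assumed lure vocabulary and macro-capable formats. OLE2 is the legacy
# .doc/.xls container; PK is the zip container used by .docm/.xlsm.
LURE_WORDS = re.compile(r"invoice|receipt|order|payment|statement", re.I)
MACRO_EXTS = (".doc", ".dot", ".docm", ".dotm", ".xls", ".xlsm", ".xlsb", ".rtf")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def auth_verdicts(msg) -> dict:
    """Collect spf/dkim/dmarc results from Authentication-Results headers."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr), re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts


def triage(raw_message: str) -> dict:
    """Return findings for a raw RFC 5322 message plus a quarantine decision."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Sender identity: the header From domain should agree with the envelope sender.
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, envelope = parseaddr(str(msg.get("Return-Path", "")))
    from_dom, env_dom = _domain(from_addr), _domain(envelope)
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From domain {from_dom} differs from envelope sender {env_dom}")

    # Anything short of a pass from each mechanism counts against the message.
    verdicts = auth_verdicts(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech}={verdicts.get(mech, 'missing')}")

    # Lure-named attachment that is (by extension or magic bytes) an Office document.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        is_office = name.lower().endswith(MACRO_EXTS) or data.startswith((OLE_MAGIC, ZIP_MAGIC))
        if LURE_WORDS.search(name) and is_office:
            findings.append(f"lure attachment {name!r}")

    # Assumed rule: a lure attachment plus at least one sender-identity problem holds the mail.
    has_lure = any(f.startswith("lure") for f in findings)
    identity_issues = sum(not f.startswith("lure") for f in findings)
    return {"quarantine": has_lure and identity_issues > 0, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("dridex-style", DRIDEX_STYLE_EML), ("benign", BENIGN_EML)):
        print(label, triage(raw))
```

The check deliberately treats a missing DKIM or DMARC verdict the same as a failure: a spoofed sender address from a real company will often simply lack any signature, and the absence is the signal. Running the block on the constructed look-alike message yields five findings and a quarantine decision; the benign message yields none.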
The malware has traditionally targeted financial institutions in English-speaking countries and is continuously evolving to bypass User Account Control, the Windows safeguard that would otherwise prompt before the infection could run with elevated privileges, according to Kaspersky Lab.
An infection persisting in a company's systems for weeks or months before the attack is triggered is common practice among hacker groups.
Equifax's now infamous data breach followed a similar pattern. Before the September 2017 disclosure, the company was breached through an unpatched bug that had been left open for months before it was exploited. Shortly before that breach, companies with patchwork-style security felt the pain of WannaCry, which spread by exploiting a Windows flaw for which a patch was already available, hitting Windows 7 machines hardest.