On Monday, Oct. 14, Alphabroder announced that it had been the victim of a ransomware attack. Despite the many security parameters, they had in place, cybercriminals were able to penetrate their systems and install the ransomware.
“No customer data or account information has been compromised or is accessible by this malware,” Alphabroder said in an official statement. According to their Chief Marketing Officer David Clifton, the ransomware attack only affected their ability to process orders.
In a ransomware attack, an unsuspecting user may have clicked on a seemingly safe link or an emailed attachment that appears to be a bill or other official document. Another common method of installing ransomware onto a company computer is when a user checks their personal email via a company web browser and opens an email attachment.
As a result, the attachment may install a malicious software program (malware) onto the computer system that encrypts the data and holds it at ransom. The user is then stuck without access to their data, and potentially faced with paying the attacker a huge sum and dealing with the compliance issues as a result.
Alphabroder was infected with a type of ransomware known as SODINOKIBI, a notoriously difficult to detect malware. According to Malwarebites, this type of ransomware targets all files except those listed in their configuration file, including .jpg, .jpeg, .raw, .tif, .png, .bmp, .3dm, .max, .accdb, .db, .mdb, .dwg, .dxf, .cpp, .cs, .h, ,php, .asp, .rb, .java, .aaf, .aep, .aepx, .plb, .prel, .aet, .ppj, .gif, and .psd.
Alphabroder, as a business with more than $1.5B in annual revenue, one would assume Alphabroder would have appropriate security measures in place to protect against malware. And according to Clifton, they do.
“Unfortunately, it’s a sophisticated malware, and was able to work around those protections,” Clifton told Counselor.
The primary lesson here is that if a business as big as Alphabroder can get hit by ransomware, so can you. You MUST assume your defenses will be penetrated and ask what will you do when it happens? Do you have the appropriate contingencies in place to protect you in the event of a ransomware infection?
In the event that your data is encrypted, the only thing that will save you is a robust data backup following the Backup Rule of 3-2-1.
If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that. Time consuming, but very effective.
That’s why you should make an investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
That said, you shouldn’t just wait to get hit. Implement the following security measures to limit your exposure:
Like this article? Check out the following blogs to learn more: