Halloween Horror-Show for Candy-Maker Hit by Ransomware

A major US confectionary manufacturer has been hit by ransomware at one of its busiest times of the year, according to reports.

Chicago-based Ferrara – which produces popular treats including Nerds, Everlasting Gobstoppers, Juicy Fruits and Gummy Bears – had some of its systems encrypted earlier this month.

It’s now working with law enforcement and third-party experts to restore these critical assets and get operations fully up and running again.

“We have resumed production in select manufacturing facilities, and we are shipping from all of our distribution centers across the country, near to capacity,” noted a company statement published by the Chicago Tribune. “We are also now working to process all orders in our queue.”

George Papamargaritis, MSS operations director at Obrela Security Industries, argued that threat actors are increasingly researching to plan attacks when target organizations are most vulnerable to ransomware lockdowns.

“Attackers are using ransomware to put organizations into a corner, where they are forced to pay. Unless you are prepared for ransomware, you stand to lose everything from these attacks,” he said.

“The best defense when it comes to ransomware all comes down to resilience and hardening systems through regular incidence response training.”

In related news, Taiwanese hardware manufacturer Gigabyte suffered its second ransomware compromise in three months, according to Privacy Sharks.

The AvosLocker group posted a 15MB trove of exfiltrated data to its leak site, featuring internal passwords and usernames, employee payroll details, info on job candidates, and confidential information about third-party business partnerships, including one with a cybersecurity company.

It’s threatening to release more stolen data if the firm doesn’t pay up, although there’s been no word yet from Gigabyte.

It’s the second Taiwanese company to be targeted twice in quick succession by ransomware actors of late. Acer suffered an attack on its servers in India last week and then another by the same group a few days later, this time targeting its Taiwan HQ.

What’s Hot on Infosecurity Magazine?