Recently, a small Scottish brewery became the latest victim of a targeted ransomware attack. The attackers took advantage of a job vacancy ad posted by the brewery, proving once again that nothing is sacred, not our jobs, and not our beer. But, in the spirit of Braveheart, the brewery rallied and fought back, metaphorically mooning their attackers.
Ransomware attack on small business
A job posting turned into a ransomware nightmare.
This small brewery in Scottland has just become a perfect example of why you need to have a secure backup plan in place in the event of a ransomware attack. If we could all be like Arran Brewery, we could thwart all ransomware attackers, protect our data, and avoid paying a hefty fee to bounce back from a security breach. Most small businesses can’t afford to have their business disrupted or their data compromised. The only way to protect your livelihood is to protect your system from a hack attack.
Ransomware attack
The targeted ransomware attack on Arran Brewery began with a job posting on the brewery’s website. This opened a window for attackers. Knowing that companies are getting wise to phishing attempts to infiltrate a system, they needed a new way to get someone to open an email from an unknown source. A job posting was the perfect cover; the brewery was basically asking strangers to send them emails with attached resumes. The hackers didn’t waste time and completed their attack in two stages:
- Stage one: take the job posting from the brewery’s website and post it on a public international job site. This would ensure that the brewery would be getting a bunch of legitimate applicants sending legitimate resumes as attachments. The more legitimate applicants, the more inconspicuous the ransomware infected application would be, and the more likely it would be that the attachment would be opened.
- Stage two: send a fake application, attaching a pdf. file encrypted with the Dharma Bip ransomware and wait for payday.
Effects of the ransomware attack
Thanks to backup solutions, Arran Brewery avoided paying a ransom and was able to regain access to their data.
The plan worked. Before the brewery realized that no one inside the company had posted the job on external sites, the malware was already in play. As soon as the infected ransomware attachment was opened, Dharma Bip started encrypting files and locking the brewery out of their system. Then came the ransom; $13,000 in bitcoin transfers to regain access to their records.
Counterattacking the ransomware attack
Much to the chagrin of the hackers, the brewery decided not to pay the ransom. For one, paying does not ensure the return of your data. And two, the brewery had a backup of their system. In fact, they had two. One backup was affected by the ransomware, but an offsite backup solution was untouched, allowing the brewery to avoid paying a ransom and regain access to their files.
What we learned
- Nothing and no one is out of bounds for ransomware attackers
- You need a secure and reliable backup solution (maybe even a backup to your backup)
- Don’t pay the ransom!
OnePointSync offers secure and reliable backup and data recovery solutions for small and midsized businesses in the Denver area.
