[ April 04, 2019 ]
Arizona Beverages, one of the largest beverage suppliers in the U.S., is recovering after a massive ransomware attack last month.
The company, famous for its iced tea beverages, is still rebuilding its network almost two weeks after the attack hit. The attack wiped hundreds of Windows computers and servers and effectively shut down sales operations for days until incident responders were called in, according to a person familiar with the matter.
Dridex is delivered through a malicious email attachment. Once the implant is installed, the attacker gains near-unfettered access to the entire network and can steal passwords, monitor network traffic and deliver additional malware. With help from international partners, the FBI took down the password-stealing Dridex botnet in 2015, but the malware continues to pose a threat. More recently, Dridex has been used to deliver ransomware to victims.
Kaspersky said two years after the takedown that the malware is “still armed and dangerous.”
More than 200 servers and networked computers displayed the same message: “Your network was hacked and encrypted.” The company’s name was in the ransom note, indicating a targeted attack.
The ransomware also infected the company’s Windows-powered Exchange server, knocking out email across the entire company. Although its Unix systems were unaffected, the ransomware outbreak left the company without any computers able to process customer orders for almost a week.