Arizona Beverages knocked offline by ransomware attack

[ April 04, 2019 ]

Arizona Beverages, one of the largest beverage suppliers in the U.S., is recovering after a massive ransomware attack last month.

The company, famous for its iced tea beverages, is still rebuilding its network almost two weeks after the attack hit, wiping hundreds of Windows computers and servers and effectively shutting down sales operations for days until incident response was called in, according to a person familiar with the matter.

Dridex is delivered through a malicious email attachment. Once the implant installs, the attacker can gain near-unfettered access to the entire network and can steal passwords, monitor network traffic and deliver additional malware. With help from international partners, the FBI took down the password-stealing botnet in 2015, but the malware continues to pose a threat. More recently, Dridex has been used to deliver ransomware to victims.

Kaspersky said two years after the takedown that the malware is “still armed and dangerous.”

More than 200 servers and networked computers displayed the same message: “Your network was hacked and encrypted.” The company’s name was in the ransom note, indicating a targeted attack.

The ransomware also infected the company’s Windows-powered Exchange server, knocking out email across the entire company. Although its Unix systems were unaffected, the ransomware outbreak left the company without any computers able to process customer orders for almost a week.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: