[Advent Story] A Sweet Temptation: Hackers Train their Sights on Gingerbread

Can you imagine Christmas without the famous gingerbread? Neither can we! The gingerbread factory was operating at full tilt to meet the high demand for its delicacies across Switzerland. However, on an ordinary working day at the beginning of December, the factory was shocked when its huge production facility suddenly ground to a halt. Everything stopped working – from the dough machine, through the cooling and packaging systems, right down to the smallest production unit. The heart of Christmas’s treat production had stopped beating... 

The dreaded evil: ransomware

After the initial panic, the internal IT staff quickly identified the issue: a successful ransomware attack, which attackers had used to paralyse the factory’s network. Although it was not possible to ascertain the origin of the attack at that moment, that was the least of the company’s worries: first they had to digest the one million Swiss francs ransom demand, payable in Monero, and carefully weigh up the next steps. The IT staff, who were well aware of the potential consequences of ransomware attacks, reacted swiftly. They agreed with the stunned management team to call in a company specialising in cyber attacks, and their CSIRT (Computer Security Incident Response Team) was on the scene in next to no time. These experts know only too well that every second counts in an attack.

The fight-back against the ransomware begins

Thanks to their professionalism, many years of experience, speed and efficient collaboration with the manufacturer’s IT staff, the CSIRT experts were able to launch an immediate fight-back against the ransomware. While some team members concentrated on restoring the factory’s ability to operate by isolating the infected systems, tracking down the attackers, securing evidence and reviewing the factory’s existing IT and cyber security measures, others began to communicate with the attackers. Although the intention of these negotiations was not to pay the ransom, it was possible to win some time and acquire information. Despite the rising costs of the shutdown, the gingerbread factory fortunately heeded the CSIRT’s advice not to concede to the demand. The experts were optimistic about the prospects of recovery thanks to offline backup they were able to access (although this was not updated daily).

Crisis management: the gingerbread manufacturer fights back

The CSIRT lost no time in showing what it’s capable of and successfully isolated the attackers and removed them from the network within a few hours. The backup meant that the network could also be rebuilt at the same time. The reconstruction phase was successful, meaning that the systems and – crucially – gingerbread production could be restarted. But did the shutdown ultimately cause too great a loss, or could the Christmas business be rescued after all?

Although the ransomware attack not only put the gingerbread manufacturer at serious risk, but also cost it money due to the shutdown even without the ransom being paid, the story ended with a surprising sense of relief. Thanks to the rapid response and the work of the CSIRT, production could be resumed sooner than expected, which meant that the overall costs were lower than feared – and above all significantly lower than if the attackers’ demands had been met. The company’s management was not only relieved and grateful that the crisis had been handled successfully, but also determined to take better precautions to prevent a repeat of such a scenario...

Lessons learnt from the ransomware incident: how to protect your company!

Even though the gingerbread factory was invented for purposes of this story, the scenario is more fact than fiction. Cyber attacks are now part of everyday life, and ransomware remains a lucrative business. A company can quickly be brought to its knees if it has not taken adequate precautions in terms of cyber security. The following tips may no longer be a secret, but they are nonetheless a solid starting point for reviewing and strengthening your security mechanisms:

• Regular backups: A regular and reliable backup system is crucial to enable rapid recovery in the event of a ransomware attack. The backups should be stored securely and offline.
• Crisis contingency plan: Every company should have a well-developed crisis contingency plan which should define clear steps and responsibilities in the event of a cyber attack so that operational capability can be maintained. An Incident Response Retainer is also worth having. This guarantees the assistance of experts who already know your company and are available around the clock if the worst should happen.
• Prioritising cyber security: Cyber security is not something to be neglected, and high IT security walls are no longer enough to prevent attacks. Scrimping here is false economy!
• Immediate response – 24/7: Working with a specialised cyber security company can be key to efficiently identifying and fending off attacks. For example, a 24/7 monitoring service can alert a dedicated SOC to threats at an early stage and experienced analysts can initiate defence measures.
• Security awareness training: Sensitise your employees to the threats and risks of cyber attacks. Security awareness training and education are key to recognising and preventing phishing attacks and similar cyber threats. People are often the weakest link in the safety chain, so raising awareness is of central importance – the ransomware attack on the gingerbread manufacturer was again ultimately traced back to a single click on a phishing email. You can find tips on how to quickly recognise such attacks in our free phishing poster.

The InfoGuard blog team wishes you a Merry Christmas

We wish you a Merry Christmas and hope you haven’t lost your appetite for gingerbread. As usual, you’ll find further exciting insights, news from the world of cyber security & defence and specific tips on how to further strengthen your security measures on our cyber security blog in the new year. If you don’t want to miss any articles, subscribe to our blog updates now!