Threat Watch

Americold Hit With Cyber Attack

Americold, the nation’s leading cold storage facility has stated that they were the victim of a cyber-attack that caused a precautionary shutdown of several systems. Phone, email, and inventory maintenance have all been confirmed to be affected at this time. In the statement the company released it said that at the first sign of an incident they shut down to protect their data. The type of attack is unknown, but at this time, numerous third parties have stated that it was a ransomware attack.

ANALYST NOTES

If Americold was targeted with ransomware, it is likely that their data will appear on a victim leak website. This fear of a data breach is a tactic used by cybercriminals that is supposed to scare companies into paying a second ransom so that not only they can get their encrypted files back, they will receive the word of the attackers that the private data files they stole will be completely deleted instead of released to the world or sold to other criminals. With a COCVID-19 vaccine on the horizon, many cold storage places might become a target because they will need to be up and running at full speed to store the vaccine while it is being distributed. Companies should use the 3-2-1 rule as a guideline for backup practices. The rule states that three copies of all critical data are retained on at least two different types of media and at least one of them is stored offline. This will allow any company infected by ransomware to restore from a backup without paying the ransom, even if the threat actors attempt to destroy or corrupt online backup copies. In order to avoid data theft, it is necessary to implement a strong security program using a defense in-depth approach to detect attempts to attack the network at multiple stages so that even if the intruder manages to bypass some defenses, others are in place to alert security analysts to the problem. Although attacks usually take a few days to complete, in some recent cases, ransomware attacks went from the first workstation infection (via a malicious email attachment) to full domain control and widespread encryption in about five hours. Security analysts need to be available 24 hours a day to respond to intrusions and must detect attacks quickly to be successful at stopping them before attackers have a chance to do serious damage. The Binary Defense Security Operations Task Force watches over clients’ workstations and servers 24 hours a day, every day, and is able to stop attacks no matter when they occur.

More can be read here: https://www.bleepingcomputer.com/news/security/cold-storage-giant-americold-hit-by-cyberattack-services-impacted/