Ferrara Candy, a company, which makes a variety of candies such as Gobstoppers, Now and Laters, SweetTarts, Jaw Busters, Nips, and Laffy Taffy, said that it was hit by a ransomware attack last month.
Chicago Tribune and Crain’s Chicago were the first to report the attack at Ferrara Candy.
The US-based company told that on October 9, they “disrupted a ransomware attack” which encrypted a part of their systems.
“Upon discovery, we immediately responded to secure all systems and commence an investigation into the nature and scope of this incident. Ferrara is cooperating with law enforcement and our technical team is working closely with third-party specialists to fully restore impacted systems as expeditiously and as safely as possible,” Ferrara said in a statement to ZDNet.
They have resumed production and are shipping from all factories and distribution centers and assured consumers that all products are on shelves in stores across the country:
“We have resumed production in select manufacturing facilities, and we are shipping from all of our distribution centers across the country, near to capacity. We are also now working to process all orders in our queue. We want to assure consumers that Ferrara’s Halloween products are on shelves at retailers across the country ahead of the holiday.”
It is likely no coincidence that an attacker targeted a candy company’s supply network just before Halloween.
Every company needs to plan for a worst-case scenario like a ransomware attack. Knowing when to expect the onset of a ransomware attack is a strategy that can help avoid experiencing the downtime that usually accompanies a major system outage.
However, ransomware actors are changing their methods as well, according to Cerberus Sentinel’s vice president Chris Clements:
“One such tactic is understanding when is likely to be the victim’s busiest season that can least afford systems downtime and waiting until that has begun to launch their ransomware attack. After all, a compromised business that doesn’t detect the attacker on day 1 is unlikely to detect the attacker on day 90, especially if the attacker is simply waiting for the opportune time to launch their ransomware. By doing so, cybercriminals can make any service disruptions and restoration delays maximally painful to their victim to further coerce them to pay the extortion demand rather than attempt to restore systems or data themselves.”