A big beverage company suffers massive ransomware attack

A massive ransomware attack impacted the systems of Arizona Beverages, one of the largest beverage-producing companies in the United States; according to the experts of an ethical hacking institute in India, the company is still recovering from the incident, which occurred last month.

The recovery process is not yet over for Arizona, even though around twenty days have passed since the attack. According to the ethical hacking institute in India, completing this process requires eradicating the infection from hundreds of computers and servers, in addition to shutting down sales operations as needed.

According to sources close to the company, about 200 pieces of computer equipment, a significant part of the Arizona network, showed a message that said: “Your network has been hacked and encrypted”, adding details for the payment of the ransom. The ransom note reportedly contained the company’s name, so it is highly probable that this was an attack specifically targeted at Arizona Beverages.

After discovering the attack, the company’s IT staff began notifying the rest of the employees about the recovery process. Employees had to hand in their computer equipment, after first receiving recommendations such as:

  • Do not turn on the equipment
  • Do not copy files
  • Do not connect to any network

According to the experts from the ethical hacking institute in India, the company’s incident response team determined that a considerable portion of the company’s servers were running obsolete versions of Windows operating systems for which Microsoft no longer provides support. In most cases, the servers were last updated years ago.

After the attack, the company’s IT team tried to use its backup system to retrieve the encrypted information, only to find that it had been poorly configured, so it was not possible to retrieve the information immediately. Arizona Beverages had to resort to an external incident response team to complete the recovery process. Sources close to the company claim that this incident has generated costs in the hundreds of thousands for the company.

According to the specialists from the ethical hacking institute in India and the International Institute of Cyber Security (IICS), the infection appears to have been triggered during the last hours of March 21, although the company’s networks are believed to have been infected for at least two months.