Iced tea maker Arizona Beverages suffers downtime following ransomware attack
Arizona Beverages USA LLC, a large U.S. maker of iced tea, suffered downtime in February from a ransomware attack.
The attack, which involved the use of a form of the IEncrypt ransomware, is said to have hit the company in late March and resulted in more than 200 servers and networked computers displaying the same message: “your network was hacked and encrypted.” The message then went on to demand a ransom payment to solve the issue.
According to TechCrunch, it took five days before Arizona Beverages brought in incident responders to handle the outbreak. Those responders found that “the back-end servers were running old and outdated Windows operating systems that are no longer supported” and that “most hadn’t received security patches in years.”
The story gets worse, with the report claiming that Arizona Beverages was completely unaware of the hack and only found out about it after being informed by the Federal Bureau of Investigation.
“This is the unfortunate price companies pay when they fail to maintain their systems. At this point, there is no excuse,” Daniel Smith, head of threat research at Radware, told SCMagazine. “There have been dozens of events over the years that should have triggered an internal review or general cause for concern at Arizona Iced Tea. Every hack should be a learning moment for the security team and the industry at-large.”
Although all ransomware is nefarious, IEncrypt is a particularly insidious form of ransomware, described by some security experts as a “very unpredictable infection.”
“IEncrypt is a relatively new strain of ransomware first introduced in November of 2018,” Allan Liska, senior solutions architect at Recorded Future, told SiliconANGLE. “It has hit very few targets; this is the first target publicly exposed.”
“IEncrypt appears to come from the Dridex team, which are the same team behind Locky and BitPaymer,” Liska explained. “Unlike BitPaymer, IEncrypt appears to be delivered via phishing campaigns.”
The Dridex team was previously in the news when they were claimed to be behind ransomware that crippled the Professional Golfers Association of America.
Photo: MobiusDaXter/Wikimedia Commons