Can you imagine Christmas without the famous gingerbread? Neither can we! The gingerbread factory was operating at full tilt to meet the high demand for its delicacies across Switzerland. However, on an ordinary working day at the beginning of December, the factory was shocked when its huge production facility suddenly ground to a halt. Everything stopped working – from the dough machine, through the cooling and packaging systems, right down to the smallest production unit. The heart of Christmas treat production had stopped beating...
After the initial panic, the internal IT staff quickly identified the issue: a successful ransomware attack, which attackers had used to paralyse the factory’s network. Although it was not possible to ascertain the origin of the attack at that moment, that was the least of the company’s worries: first they had to digest the ransom demand of one million Swiss francs, payable in Monero, and carefully weigh up the next steps. The IT staff, who were well aware of the potential consequences of ransomware attacks, reacted swiftly. They agreed with the stunned management team to call in a company specialising in cyber attacks, and their CSIRT (Computer Security Incident Response Team) was on the scene in next to no time. These experts know only too well that every second counts in an attack.
Thanks to their professionalism, many years of experience, speed and efficient collaboration with the manufacturer’s IT staff, the CSIRT experts were able to launch an immediate fight-back against the ransomware. While some team members concentrated on restoring the factory’s ability to operate by isolating the infected systems, tracking down the attackers, securing evidence and reviewing the factory’s existing IT and cyber security measures, others began to communicate with the attackers. Although the intention of these negotiations was not to pay the ransom, it was possible to win some time and acquire information. Despite the rising costs of the shutdown, the gingerbread factory fortunately heeded the CSIRT’s advice not to concede to the demand. The experts were optimistic about the prospects of recovery thanks to an offline backup they were able to access (although this was not updated daily).
The CSIRT lost no time in showing what it’s capable of and successfully isolated the attackers and removed them from the network within a few hours. The backup meant that the network could also be rebuilt at the same time. The reconstruction phase was successful, meaning that the systems and – crucially – gingerbread production could be restarted. But did the shutdown ultimately cause too great a loss, or could the Christmas business be rescued after all?
Although the ransomware attack not only put the gingerbread manufacturer at serious risk, but also cost it money due to the shutdown even without the ransom being paid, the story ended with a surprising sense of relief. Thanks to the rapid response and the work of the CSIRT, production could be resumed sooner than expected, which meant that the overall costs were lower than feared – and above all significantly lower than if the attackers’ demands had been met. The company’s management was not only relieved and grateful that the crisis had been handled successfully, but also determined to take better precautions to prevent a repeat of such a scenario...
Even though the gingerbread factory was invented for the purposes of this story, the scenario is more fact than fiction. Cyber attacks are now part of everyday life, and ransomware remains a lucrative business. A company can quickly be brought to its knees if it has not taken adequate precautions in terms of cyber security. The following tips may no longer be a secret, but they are nonetheless a solid starting point for reviewing and strengthening your security mechanisms:
We wish you a Merry Christmas and hope you haven’t lost your appetite for gingerbread. As usual, you’ll find further exciting insights, news from the world of cyber security & defence and specific tips on how to further strengthen your security measures on our cyber security blog in the new year.