Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween | Threatpost

The manufacturer of some of Halloween’s most popular sweet treats has been hit with a ransomware attack that disrupted production mere weeks before the candy industry’s biggest holiday.

Chicago-based Ferrara Candy Co. confirmed publicly that a cyber-incident encrypted some of its systems on Oct. 9, affecting the production of its numerous popular confection brands, including Brach’s Candy Corn, a confection that divides candy enthusiasts into “love it” and “hate it” groups.

However, those worried that this year they won’t get their fill of the controversial candy corn and other treats can rest easy. Ferrara said it already had fulfilled most of its candy orders for Halloween when it typically does — in early August — so supply this year should be as per usual, according to the report.

Ferrara has released few specific details about the attack, and it’s unclear at this time which ransomware group is responsible. One potential culprit is BlackMatter, a group that rose from the ashes of the former DarkSide ransomware gang and which federal authorities warned this week is on the offensive.

Company officials said they immediately responded to the attack by securing all systems and launching an investigation, on which Ferrara is collaborating with law enforcement, according to a report in Gizmodo. The company also has employed third-party specialists to restore systems to full operational capability.

Halloween Will Be Saved

At this time, Ferrara’s production is nearly back up and running at full speed so the company should be able to fill any outstanding Halloween orders in time for the holiday, it told The Tribune.

“We have resumed production in select manufacturing facilities, and we are shipping from all of our distribution centers across the country, near to capacity,” the company said, according to the report. “We are also now working to process all orders in our queue.”

That’s good news not only for Ferrara but also for distributors of candy and confections in general, as manufacturers typically rake in $4.6 billion of their $36 billion in yearly sales during Halloween.

Aside from Brach’s Candy Corn—which represents 85 percent of candy corn sales in the United States during the Halloween season—other popular candies that Ferrara turns out include SweetTarts, Laffy Taffy, Runts, Fun Dip and Red Hots.

Opportunistic Attack

Industry watchers said they’re not surprised that threat actors targeted Ferrara with a ransomware attack at a time when it’s likely to be the most desperate to get production back up and running at full speed quickly, boosting their chances of cashing in.

“This is typical behavior from cybercriminals—they target companies when they’re most vulnerable,” said Simon Jelley, general manager for endpoint and SaaS protection at enterprise data protection firm Veritas Technologies, in an email to Threatpost. “Attackers want to create situations where companies feel they have no choice but to pay up.”

The attack, then, should be a cautionary tale for other organizations to be especially vigilant as they approach critical moments in their business, whether seasonal, market-driven or otherwise, he said.

The incident also highlights the need for resiliency among organizations, including a “worst case scenario” plan in the event of a cyber incident during a crucial time in the business, another security expert said.

However, this type of security posture must be maintained year-round, not merely be enforced during vulnerable times, said Chris Clements, vice president of solutions architecture at cybersecurity firm Cerberus Sentinel.

“The answer to such evolving threats remains constant, however,” he said in an e-mail to Threatpost. “To ensure the best chance of avoiding or quickly catching and stopping an attack before it becomes a widespread issue is to adopt a true culture of security in the organization.”
