The UK’s largest ready-meal provider, Wiltshire Farm Foods, announced this week that its systems have been crippled by a cyber attack.
In a statement, the Trowbridge-based organisation said it was “currently experiencing severe difficulties” with its IT network.
The disruption has caused major problems for the delivery of Meals on Wheels, a service that brings food to the elderly and vulnerable.
Wiltshire Farm Foods’ parent company, Apetito, produces and delivers 900,000 meals and puddings a week in the UK, and the organisation has advised anyone expecting a delivery this week to contact their local depot.
“Unfortunately, as our systems are not currently working, we will be unable to make many deliveries in the next few days. We are also unable to contact customers personally as we do not have access to their telephone numbers,” it added.
How did the cyber attack occur?
Although Wiltshire Farm Foods has revealed few details about the incident, cyber security experts believe that it bears the hallmarks of ransomware.
Ransomware is a type of cyber attack in which criminal hackers plant malicious code on the victim’s systems, which cripples services and encrypts files. The attackers then demand a payment – typically paid in bitcoin – for a decryption key.
“They’re not saying it, but [it’s] ransomware,” the researcher Kevin Beaumont said on Twitter.
“The new trend in ransomware is not talking about it, which will surely help matters,” he added, noting his sarcasm.
Indeed, organisations’ most powerful tool in combating ransomware is effective communication. The greater awareness there is of ransomware, the more likely it is that organisations understand the threat and take on board the lessons learned by others.
For example, Yodel was recently hit by ransomware, but thanks to a comprehensive incident response plan, it should escape relatively unscathed.
The delivery service explained that it launched an investigation as soon as it detected the ransomware, and informed customers and authorities of the breach.
Yodel also provided advice to customers, warning them of potential secondary attacks that the criminal hackers might launch, and added that it continues to work on restoring its systems.
When victims demonstrate the effectiveness of incident response plans, it proves that organisations needn’t be beholden to the cyber criminals who target their systems.
With backups of sensitive data, an organisation can restore its systems without having to negotiate with the crooks.
Education is the key to ransomware prevention
The more your organisation talks about ransomware, the better prepared you will be to detect and prevent incidents. This is particularly true given that the majority of attacks begin with phishing emails. Cyber criminals hide the malware in an attachment that poses as a benign file, like an invoice or a report.
As such, employees are often the last line of defence, and it’s why we recommend enrolling them on regular staff awareness training courses. It will help them understand what ransomware is, how it works and their role in protect the organisation.
With IT Governance’s Ransomware Staff Awareness E-learning Course, you’ll receive all of this information and more.
We provide examples of ransomware attacks and the effects they have on business, as well as information on the main forms of ransomware and how they can be identified.
We also explain anti-malware software, demonstrating how it fits within your organisation’s policies and procedures, and offer tips on how to respond if you fall victim.