Foodservice supplier Edward Don has suffered a ransomware attack. The scale and nature of the attack caused the company to shut down portions of its network in order to prevent the attack from spreading further.
Edward Don is one of the largest distributors of foodservice equipment and supplies like kitchen supplies, bar supplies, flatware and dinnerware in the U.S., although it is less well-known outside of North America.
According to BleepingComputer the company may have been affected by a specific form of attack via the Qbot botnet. The malicious code seeks to gain access to compromised networks. The remote access is used to spread laterally across a network, steal data, and eventually install the ransomware to encrypt devices. These infections are mostly leveraging malicious macro-enabled XLS files.
The cyberattack occurred during June 2021 and it reportedly disrupted the company’s business operations, including their telephone systems, network and email.
Looking into the attack for Digital Journal is James Carder, CSO of LogRhythm.
Carder begins by placing this recent attack in context: “This serves as a reminder that no industry or company is safe from a ransomware attack, but those industries in critical infrastructure such as healthcare, energy, and the food and agriculture sectors are especially targeted — as we have seen from the Colonial Pipeline and JBS attacks the last few months.”
Carder moves on to consider the seriousness of the cyberattack: “The effects of ransomware can send shockwaves through an organization and bring operations and revenue generation to a halt, making it a desirable strategy for cybercriminals looking to make money fast.”
With the specific attack, Carder fears that: “It’s possible that this attack will cause downstream impacts in the supply chain, like what we saw with the Colonial pipeline and JBS attacks, for consumers and industries that depend on food service equipment like restaurants who have already been hard hit from COVID-19.”
Yet measures can be taken to minimize the threat level, says Carder. He notes: “Successfully defending against these rampant cyberthreats requires proper preparation. All organizations need to take a proactive approach and invest in cybersecurity solutions that detect malicious behavior and enable network infrastructure to block any further access attempts.”
This means, Carder recommends: “Companies should patch aggressively, create backups, prepare a response plan, and prioritize educational training to ensure they are equipped to handle attacks and proceed operation without disruption.”