Cleaning products maker Clorox has reported losses of $49 million in connection with a cyberattack it suffered in August of last year.
On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems.
Despite a business continuity plan, the incident resulted in wide-scale disruptions to the company's operations throughout the quarter, which ended September 30, 2023.
Clorox says it expects operational impacts from the cyberattack to continue into the second quarter, though the majority of order processing operations have returned to automated processes.
Among other consequences of the cyberattack, net sales are expected to decrease between about $487 million and $593 million.
The company never revealed the nature of the attack, but based on a brief description, we must assume it was a ransomware attack.
Ransomware experts have attributed the attack to ALPHV/BlackCat, but attribution is hard.
This is especially true when the victim decides to pay the ransom, because their details aren't made public by the attackers.
When an organization refuses to pay, the attacking ransomware group will typically publish the organization's details, along with its data, on its leak site. These leak sites are our main source of information about who did what to whom.
The costs of the cyberattack, which included payments to third parties that were hired to help investigate and remediate the attack, amounted to $49 million.
Clorox was forced to shut down many of its systems due to the attack, which triggered order processing delays and significant product outages.
Another indication that things may not have been up to par was the chief information security officer leaving in November, while the company was still recovering from the cyberattack.
Create a plan for patching vulnerabilities in internet-facing systems quickly, and disable or harden remote access like RDP and VPNs.
Prevent intrusions. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
Use EDR or MDR to detect unusual activity before an attack occurs.
Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Keep backups offsite and offline, beyond the reach of attackers.
Test them regularly to make sure you can restore essential business functions swiftly.
Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected.
This Cyber News was published on www.malwarebytes.com. Publication date: Mon, 05 Feb 2024 22:43:05 +0000