Warehouse management software company SnapFulfil hit by ransomware
A UK cloud-based warehouse management software provider was struck by ransomware earlier this week.
Emails from SnapFulfil, a trading name of Synergy Logistics, sent to its customers late last week revealed how a ransomware attack targeted the company's services, disrupting warehouse operations for at least one of its customers.
"We have been targeted by a ransomware attacker. We believe the data is safe. All the work done over the last few days has included additional security and changes to mitigate another attack," said one email.
Although later messages referred to a second attack, we understand this was sent in the heat of the moment and that the attacker did not, in fact, come back for a second go. The ransomware infection otherwise bears the hallmarks of so-called drive-by ransomware, where a company may fall victim to something as simple as opening an infected email attachment.
A firm using SnapFulfil's services said: "For a distribution business to have the warehouse management system disappear is a total nightmare, as we're unable to process many of the customer orders." The reader, who spoke on condition of anonymity, continued: "Some of these orders may be for many thousands of pounds."
In a statement Synergy Logistics said: "We have been working in partnership with the National Crime Agency and the National Cyber Security Centre to restore our systems and mitigate impact for our customers. The majority of our customers are now fully operational and safeguards have been put in place to minimise the risk of future malicious attacks."
Bad times for big and small alike
Ransomware is not only the topic du jour in infosec circles but it is one that captures the public imagination, with amoral criminals making demands amounting to millions of pounds in some cases in order to decrypt victims' files.
An alarming trend is for big companies struck by ransomware to take the easy way out and buy off the crooks.
Britain's National Cyber Security Centre has pointedly refused to condemn the practice of buying off criminals, or of taking out cyber insurance that pays ransoms on your behalf. From a business continuity point of view, if none other, this stance makes sense.
Infamously, cloud CRM provider Blackbaud paid off a ransom earlier this year after securing pinky promises from the criminals that they would delete copies of stolen data. Companies who outsourced data to Blackbaud included many British universities, the Labour Party, the National Trust and other so-called "third sector" charitable and voluntary organisations.
Take the threat seriously. No matter how small or insignificant your enterprise is, you're still a target for this scourge of modern commerce.