Alleged Ransomware Attack Hits Molson Coors; Expert Commentary

Alleged Ransomware Attack Hits Molson Coors; Expert Commentary

Recently, beverage manufacturer Molson Coors disclosed a cyber-attack in a Form-8K filed with the SEC. The cyber-attack is disrupting Molson Coors’ operations and the manufacture of its beverage products. 

The form specifies: “although the Company is actively managing this cybersecurity incident, it has caused and may continue to cause a delay or disruption to parts of the Company’s business, including its brewery operations, production, and shipments.” Molson Coors disclosed hiring “[a] leading forensic information technology firms and legal counsel” to help deal with the cyber-attack. However, it revealed neither what firms they engaged nor the full nature of the attack. 

Cybersecurity experts looking from the outside currently speculate the cyber-attack is a ransomware attack. To learn a little more, we contacted several cybersecurity experts. 

 

Ransomware Attack on Molson Coors

Tony Lambert

Tony Lambert is an Intelligence Analyst at Red Canary. 

“At the moment multiple reports indicate Molson Coors fell victim to a ransomware attack, but the precise family of ransomware hasn’t been specified. For manufacturing organizations, ransomware poses a major threat to data and system availability. Not only do corporate systems lose access to data, systems managing the manufacturing process may come to a halt as well, preventing the successful production and even delivery of products. This obviously presents a huge problem for companies that sell the products: every hour their lines are down can mean major profit losses.

In situations like these, we’ve seen organizations take two paths. The first is to pay the ransom so they can restore availability as fast as possible to prevent major losses. The second is to avoid paying a ransom and restoring from backups…Finally, it’s important to keep in mind that organizations can do many things to take steps toward ransomware prevention. Consider using mail gateways, spam filters, or other email security tools to curb the delivery of malicious attachments or links. If feasible, organizations may consider disallowing archive or document attachments in email. Consider implementing controls to limit the use of Windows script execution tools such as `wscript.exe`.

To secure public-facing applications from exploitation, apply patches as soon as possible. Evaluate any web applications for remote code execution vulnerabilities. To secure trusted relationships such as those with Managed Service Providers (MSPs), consider discussing security measures and checklists with vendors periodically to ensure they meet your needs and protect your interests. To mitigate exploitation via supply chain compromise, only download software from official sources such as directly from the developer. To hinder the execution of this and other malware, restrict administrative access where possible and employ the principle of least-privilege where feasible.”

Erich Kron

Erich Kron is Security Awareness Advocate at KnowBe4. 

“Ransomware continues to disrupt operations across industries and with no sign of slowing down. The power of ransomware is that regardless of the nature of your organization, you need your own data and systems to continue producing your product. In this case, the damage appeared to be limited to business disruptions, however, many modern versions of ransomware steal data as well. This can lead to a data breach involving the loss of intellectual property, customer information, employee information, and other sensitive data. For organizations in highly regulated industries, a data breach as a result of ransomware can lead to huge fines as well.

The most common way ransomware currently spreads is through phishing emails that contain infected documents, or links to malware-infected websites. For this reason, organizations should educate their employees on methods to detect and report phishing emails to their security department. Employees should know to never open unexpected or unusual documents in emails and to hover over links in emails, to ensure they go to the expected website.”

Niamh Muldoon 

Niamh Muldoon is Global Data Protection Officer with OneLogin

“This is an example of how attackers are targeting high profile organizations to interrupt key business operations, in this case, manufacturing. Ransomware remains a global cybersecurity threat and is the one cyber-crime that has a high direct return of investment associated with it, by holding the victims’ ransom for financial payment. On a global scale, cyber-criminals will continue to focus their efforts on this revenue-generating stream.  This reinforces what we’ve said before that no industry is exempt from the ransomware threat and it requires constant focus, assessment, and review to ensure that critical information assets remain safeguarded and protected against it.”

Edgard Capdevielle

Edgard Capdevielle is CEO at Nozomi Networks

“High profile attacks are becoming all too common, as attackers have realized they are immensely more profitable when they target large organizations and disrupt their critical business operations – in this case, the brewing operations of the world’s biggest, well-known beer brands.

While the company hasn’t released details, this scenario could be ransomware and this type of situation should be factored into an organization’s incident response and business continuity plans. Beyond a technical response, decision-makers need to be prepared to weigh the risks and consequences of alternate actions. Ransomware threat actors typically rely on spear-phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption.

Cybersecurity best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication, and the use of continuously updated threat intelligence, should be used to protect IT and operational environments from ransomware and other cyber-attacks.”

Thanks to these experts for their time and expertise on the potential ransomware attack on Molson Coors. To find out more on how to secure your own business, check out our Endpoint Security Buyer’s Guide

 

Ben Canner
Follow me