A food manufacturer’s network is encrypted by ransomware after an employee’s curiosity gets the better of them
An employee received a legitimate-looking email whereby the sender stated that they were looking for employment and attached their resume for the company’s perusal. Although the business was not actively recruiting, the employee’s curiosity got the better of them and they clicked on the email attachment which was in fact malicious and designed to spread ransomware across the recipient’s entire network.
The ransomware installed encrypted all the business’s files and staff were unable to access any of their key programs, including their ordering system which shut down their entire production line. The attacker was demanding a payment of £10,000 to be paid in Bitcoin within 48 hours in exchange for the decryption code, if not the data would be destroyed.
Due to the time-sensitive nature in the food and drink industry, the business could not risk slowing down their production, as this would cause a loss of turnover and could impact brand loyalty if they missed orders. The industry is highly competitive, and distributors are likely to cancel contracts and move to an alternative supplier if they cannot obtain their products from their usual supplier – this could have long term detrimental effects on the business.
The policyholder notified our partner’s cyber insurance incident response team, who arranged the payment of the ransom and decrypted the affected servers within 3 days. During the 3 days without their systems, employees had to complete all tasks manually and all telephone calls that came through had to be noted on paper, reassuring the caller that they would be called back once the business’s technical issues had been resolved. Therefore, once the systems were up and running, the business had to pay overtime costs for the employees to re-enter all manual information to the systems and return calls etc., which totalled thousands of pounds.
All costs associated in dealing with the response to the cyber breach were covered by the business’s cyber insurance policy. If the manufacturer did not have cyber cover, the business would have been liable for these costs and responding to the breach would have taken much longer without the help of cyber experts. On average, it will take a business 4-6 weeks to respond to a cyber incident like this, however our cyber partner’s incident response team will usually have a business up and running just 3-4 days after an incident is first notified.
To learn more about our Cyber Insurance offering, please click here.