Ransomware Attack Hits U.S. Candymaker Just Before Halloween

by | October 26, 2021 | Cybersecurity News

Somewhat fitting the spooky season, a ransomware attack hit Ferrara, a major candy company in the U.S. The candymaker hasn’t been able to resume operations fully. Trick-or-treating won’t be the same this year.

Ransomware Attack Hits Right Before Halloween

A big name from the candy-making scene is struggling to honor orders before trick-or-treating after ransomware cybercrooks locked up its systems.

Ferrara, the Chicago-based manufacturer of goodies like SweeTarts, Laffy Taffy, Nerds, Red Hots, Lemonhead candies, Boston Baked Beans, Atomic Fireballs, Pixy Stix, and Everlasting Gobstoppers, has been able to resume production only partly. Its data had hackers’ mouths watering, just like ours reading through the sweets named above.

“We have resumed production in select manufacturing facilities, and we are shipping from all of our distribution centers across the country, near to capacity. We are also now working to process all orders in our queue,” Ferrara said.

Ransomware – A Spooky Threat

Ransomware is a destructive form of cyberattack in which bad guys seize control of an organization’s systems and networks, encrypt them, and demand an often ridiculous amount of money in exchange for a decryption key. If the victim fails to pay within a given timeframe, the hackers will leak the stolen confidential data to the public.

It has been widely used to extort big businesses out of billions of dollars in recent years.

According to a statement, Ferrara first noticed that threat actors were locking up its computers and soliciting a ransom on October 9 and has brought in experts to help investigate the incident and help restore systems. The company disclosed the attack on Tuesday.

A spokesperson refused to state the percentage of orders the company was supposed to fill before Halloween. Instead, they said that all the candy distribution centers are shipping out goods.

“We appreciate our employees’ and customers’ patience and understanding,” the spokesperson said.

Protect Your Company Against Unholy Cyberthreats With ATTACK Simulator’s Security Awareness Training

Most ransomware attacks have one thing in common: their infectious vector – phishing emails.

To prevent such blood-curdling incidents from happening, implement security awareness training in your company.

Over one billion phishing emails are sent out each day, and many of them bypass security filters. Thus, you need to be able to rely on your employees to stay vigilant and spot phishing scams.

You can successfully defend your business partly by training your employees on cybersecurity matters and especially phishing attacks, and partly by adopting more rigorous security measures, such as implementing multi-factor authentication and user behavior analytics.

Researching the latest phishing trends and strategies and properly training your employees can be a hassle, so leave it to professionals.

Here, at ATTACK Simulator, we put ourselves in the attacker’s shoes as we believe that understanding their thinking and actions is vital in designing an accurate simulation.

Here are a few perks of our approach to phishing simulations:

  • Automated attack simulation – we simulate all kinds of cyberattacks.
  • Real-life scenarios – we evaluate users’ vulnerability to give company or pesonal data away using realistic web-pages.
  • User behaviour analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file repilcas, to make the simulation as realistic as it can be.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will discover lessons on the best security practices.
  • Brand impersonation – we impersonate popular brands to make the phishing simulations all the more realistic.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Put your employees to the test with our free security awareness training trial and find out where you stand against a phishing attack!


NBC News Sticky business: Ransomware hits U.S. candymaker ahead of Halloween

Chicago Tribune Ransomware attack disrupts production at Ferrara Candy, maker of Brach’s Candy Corn


Feature image: Photo by David Menidrey on Unsplash

Internet illustrations by Storyset

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.