Arran Brewery attack possibly related to Dharma ransomware

One of Dharma ransomware's versions seems to be guilty of hacking Arran's Brewery

A variant of Dharma supposedly hacked Arran's Brewery and demanded 2 Bitcoins for the ransom.

A new ransomware attack set up against businesses, not just ordinary users, has just emerged. It seems that this case is related to an infamous Dharma ransomware^[1] and one of its versions called “Bip”. The victim that suffered data loss because of virus encryption is Arran's Brewery located in Scotland. Its employees became suspicious once they discovered that the company's computer systems went offline. The director Gerald Michaluk claims that virus infiltrated their system thru an innocent job application email.

An email which was sent to the company's official email did not seem dubious in any way, so one of Arran's staff members decided to open the attachment without thinking much. Sadly, now it is clear that the email message contained a harmful payload which activated the ransomware infection once downloaded to the computer. According to victims, the infected content was sent in a PDF file.

While Arran's staff found it interesting why this suspicious email came to them when all positions are occupied by employees, they still rushed with its download to one of the company's computers. According to that, it happened due to an email chaos and resulted in affecting numerous computer systems.

Arran's Brewery decided not to pay the ransom and found tech expert instead

In exchange for restoring important system documents, hackers hiding behind this ransomware demanded a particular ransom – 2 Bitcoins.^[2] The good news is that the company did not face any monetary loss since its leaders did not agree to pay the ransom. As an explanation, the company claimed that paying the price would have resulted in the loss of three months' sales.

However, not all companies disagree to pay the demanded ransom. According to Barry Shteiman from Exabeam, although this is a safer option to avoid the risk of being scammed out of your money, sometimes paying the price costs less than restoring files:^[3]

If giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organization would pay the ransom. Of course, this is a last resort, if all other options have been exhausted.

Arran was a little bit luckier in this case as the company managed to find a highly-skilled expert which managed to identify the problem, break through the secret code, and bring some locked files back to normal.^[4]

Stay safe from ransomware

Ransomware attacks are one of the most common issues nowadays. Such viruses are capable of affecting various companies worldwide, including hotels, car factories, airline organizations, and more.^[5] Sometimes ransomware can break through even the strongest security system but that does not mean that we should not take any precautionary measures of our own to prevent such damaging infections.

Even original users who are just likely to browse the Internet and visit Facebook are at risk of being affected by ransomware if they act carelessly while performing computing work and opening questionable email messages. A strong recommendation would be to delete all spam emails that you receive if you are not waiting for anything important at the moment.

Moreover, it is important to protect every computer system and its programs by installing strong and reliable computer security software. Do not be afraid to invest in a truly effective one as protection is always needed. Make sure you keep your antivirus always updated and it will automatically keep your computer safe while you are running programs on your computer, browsing the web, or performing other computing activities.