[BreachExchange] The Candy Corn Has Been Hacked

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Oct 21 09:10:14 EDT 2021


https://gizmodo.com/the-candy-corn-has-been-hacked-1847901307


Just in time for Halloween, a ransomware gang has targeted Ferrara
Candy—the massive confectionary responsible for producing Brach’s
well-known candy corn—the most OG of holiday treats.

Ferrara, which is based in Chicago, is responsible for 85 percent of the
candy corn production in the country during the Halloween season—and
reportedly churns out approximately seven billion pieces of the candy per
year.

When reached for comment, Ferrara confirmed to Gizmodo that an attack had
occurred on Oct. 9 that “encrypted some of our systems.” The company
further stated that it was working together with law enforcement:

“Upon discovery, we immediately responded to secure all systems and
commence an investigation into the nature and scope of this incident.
Ferrara is cooperating with law enforcement and our technical team is
working closely with third-party specialists to fully restore impacted
systems as expeditiously and as safely as possible.”

The company further stated that it had resumed production in certain
facilities and that it was “near to capacity” when it came to shipping from
all of its distribution centers across the country. “We want to assure
consumers that Ferrara’s Halloween products are on shelves at retailers
across the country ahead of the holiday,” the company said.

When you go to the grocery store and grab yourself a giant feed-bag-sized
sack of candy corn in preparation for trick-or-treaters, Brach’s is
typically the brand you’ll be walking home with. Thus, a hack on Ferrara
would appear to be nothing less than a hack on the very institution of
Halloween itself.

Tbh, that’s pretty par for the course as far as this year goes—a year
wherein pretty much everybody is getting hacked all the time and no
institution is so sacred that it can’t be defiled by an asshole behind a
keyboard. Over the past ten-ish months, ransomware gangs have repeatedly
targeted large, high-profile companies in the energy sector, the food and
beverage industry, tourism, software, insurance, and pretty much every
other field of business you can think of. I guess it was only a matter of
time before they came for the candy.