Ransomware Attack on Scottish Brewery Leverages Job Opening

LIFARS Cyber 911 - 24x7 Remove RYUK Ransomware And Secure Your Data

A Scottish brewery has suffered the brunt of a ransomware attack wherein a malicious actor used a purpoted job vacancy to install the malware.

Located on Arran, a small island off the Scottish coast, the brewery had posted a job opening for a financial assistant and credit control aid. This led to a targeted strike wherein an influx of CVs through booby-trapped emails carried a PDF file embedded with a ransomware.

An unsuspecting staffer opened the email to see the computers promptly infected. The attackers demanded two bitcoins to restore the system, according to the BBC, in return for a decryption key that was holding three months’ of sales data hostage.

“Out of the blue we started getting applicants for the post from all over the country and the world,” said Arran Brewery managing director Gerald Michaluk. “I assumed one of my colleagues had advertised the post. However, this was not the case; the attackers had taken our website vacancy and posted it on some international jobs site.”

The brewer declined to pay and used a cybersecurity firm to terminate the malware while working on restoring some of the data. A lot of the data was lost, according to a report by the Scottish Sun.

Michaluk added: “I hope if anyone finds themselves in a similar position they can recognise the MO of these bandits and not have the same issues we have had.”

Image credit: LIFARS archive.