WestRock Company announced Monday that it had detected a ransomware incident affecting ‘certain of its operational and information technology systems.’ The firm, which manufactures corrugated packaging and consumer packaging, did not release exact details of the impact on OT and IT systems, or the type of OT systems impacted in the incident.
The Atlanta, Georgia-based vendor detected the ransomware incident on Saturday, following which it ‘initiated response and containment protocols,’ WestRock said in a press statement. Its security teams, supplemented by cyber defense firms, are working to remediate this incident. WestRock has notified law enforcement and reached out to its customers to apprise them of the situation.
“Although WestRock is actively managing this incident and will continue to do so, it has caused and may continue to cause delays in parts of the Company’s business and may result in a deferral or loss of revenue and incremental costs that may adversely impact WestRock’s financial results,” WestRock said.
Systems recovery efforts following the ransomware incident are in process and being implemented as quickly as possible, and
are working to maintain the company’s business operations, and ‘to minimize the impact on its customers and teammates.’
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) announced a ‘Reduce the Risk of Ransomware Campaign,’ its focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate cybersecurity risk and threat.
CISA is working to raise awareness about the importance of combating ransomware as part of an organization’s cybersecurity and data protection best practices, it said. Over the next several months, the security agency will use its social media platforms to iterate key behaviors or actions with resource links that can help technical and non-technical partners combat ransomware attacks.
Research firm Gartner has warned that as attack surfaces increase in critical infrastructure, the need to address physical threats and cyber threats will lead to the need for higher levels of adoption of emerging technologies to address security threats spanning these environments.
Critical infrastructure security leaders must observe tactics, techniques, and procedures (TTPs), including against spear phishing that obtains initial access to the organization’s IT network before pivoting to the operational technology (OT) network, according to Barika Pace, Gartner’s senior research director.
Cybersecurity and compliance advisory firm ITEGRITI advised organizations to have visibility into their assets and monitor them continually to spot any abnormal behavior. This is essential to identify and isolate attacks before they reach their final target. Coupled with strict access controls, the ICS organizations can minimize the impact of intrusions and maintain business continuity.
Organizations should also ensure that systems are regularly backed up and backups are stored offline, wrote Anastasios Arampatzis, in a blog post for ITEGRITI. Focusing on ICS operations, these backups must include the last known good-profile data to ensure a swift recovery and to minimize the impact of the attack, he added.