October 17, 2019
Alphabroder Fully Operational Again After Malware Attack
The cyber assault focused on the Top 40 supplier’s order processing and shipping platform.
Alphabroder (asi/34063), the largest supplier in the promotional products industry, said late Thursday that it has completely recovered from the cyberattack it suffered this week.
Headquartered in suburban Philadelphia, the firm said in an initial statement issued Monday that it was struck by a strain of ransomware known as SODINOKIBI. The attack focused on alphabroder’s order processing and shipping platform. After days of disrupted service and collaboration between alphabroder’s in-house cyber team and an expert forensics company, the supplier said that all ordering and shipping methods are up and running at 100% as of Thursday afternoon. “We will have a backlog on FedEx and USPS orders,” alphabroder said in a statement. “We will work through this over the next few days.”
Alphabroder added that there’s no evidence that any customer data or account information was compromised or accessed by the malware. The supplier has previously said that employee data was not compromised.
“The alphabroder team would like to thank you all for your support and understanding during this time – it says a lot about the resilience, integrity and character of our industry and makes us more committed and eager than ever to help grow your business,” the company said.
According to Malwarebytes Labs, SODINOKIBI refers to a family of ransomware that encrypts important files and asks for a ransom to decrypt them. “The first thing users of affected systems notice is usually the ransom note when the encryption has already finished,” Malwarebytes Labs says. “The ransom instructions are visible on the desktop as well.”
Particularly hard to detect, SODINOKIBI reportedly encrypts files on local drives except for those listed in its configuration file. “We see Ransom.Sodinokibi being dropped by variants of Trojan.MalPack.GS that previously used to drop Ransom.GandCrab,” Malwarebytes Labs says. “Targeted files have the extensions .jpg, .jpeg, .raw, .tif, .png, .bmp, .3dm, .max, .accdb, .db, .mdb, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .aaf, .aep, .aepx, .plb, .prel, .aet, .ppj, .gif, and .psd.”
With reported North American promotional product revenue of $1.64 billion, alphabroder is the largest supplier in the industry, according to Counselor’s most recent rankings. The company’s five-year average annual growth rate is 14.6%.