Logo of Molson Coors displayed on the top of a building showing cyber attack

A Suspected Ransomware Cyber Attack Shuts Down World’s Fifth Largest Beermaker Molson Coors

Molson Coors’ March 11 US Securities and Exchange Commission (SEC) filing disclosed that it suffered a “system outage” originating from a “cybersecurity incident.”

The beermaker said the incident could lead to delays or disruptions to its brewery operations, productions, and deliveries.

The Chicago-based beverage company is behind iconic beer brands, including Pilsner, Miller, Blue Moon, Grolsch, Foster’s, Killian’s, and Peroni.

Molson Coors promised a prompt resolution to the crippling cyber attack that left the company unable to access various systems involved in the production and delivery of popular drinks.

Molson Coors enrolls IT forensic firms, warns of potential delays after a cyber attack

While acknowledging the disruption, Molson Coors disclosed that it had enrolled leading forensic IT firms and legal teams to conduct an investigation into the incident.

The filing assured the authorities and the public that “the company is working around the clock to get its systems.” However, Molson Coors warned that the security incident could cause continued “delay or disruption to parts of the company’s business, including its brewery operations, production, and shipments.

Molson Coors cyber attack linked to suspected ransomware

While Molson Coors investigates the cyber attack, several sources suggested a possible ransomware attack. Speculations suggest that the fifth world’s largest beermaker took its systems offline to prevent the spread of ransomware across its network. However, no ransomware group has taken responsibility for the cyber attack or demanded a ransom.

“At the moment multiple reports indicate Molson Coors fell victim to a ransomware attack, but the precise family of ransomware hasn’t been specified,” Tony Lambert, intelligence analyst at Red Canary, gave credence to the speculation. “For manufacturing organizations, ransomware poses a major threat to data and system availability. Not only do corporate systems lose access to data, systems managing the manufacturing process may come to a halt as well, preventing the successful production and even delivery of products.”

Threat actors are likely to remain silent immediately after a cyber attack to increase the victim’s likelihood of cooperating.

The silence also earns them more leverage as many victims attempt to conceal the incident to avoid reputational damage associated with ransomware attacks.

After misleading the authorities and the public, organizations could suffer further reputational damages and possible legal consequences if they refused to pay the ransom.

Ransomware groups targeting beverage companies and industrial manufacturers

Ransomware operators have been diversifying their target victims to include companies not previously considered primary targets of ransomware. They have also been expanded their attack vectors including deploying ransomware through vulnerable Microsoft Exchange Servers.

According to the global data protection officer at OneLogin, Niamh Muldoon, “no industry is exempt from the ransomware threat.”

An Italian beverage manufacturer Campari Group was hit by a ransomware attack in November 2020, while Arizona Beverages’ computer systems were crippled by a ransomware attack two years ago.

On June 9, 2020, an Australian and New Zealand beer and milk supplier Lion was also disrupted by a similar ransomware attack. The attack delayed increased production schedules planned during the COVID-19 pandemic.

Some of the manufacturing behemoths struck by ransomware attacks in the past include Groupe Beneteau, a French boatmaker. The Japanese automaker Honda suffered a similar ransomware attack at U.S. facilities last summer, disrupting production operations. WestRock packaging also suffered a ransomware attack that heavily affected its operations.

Ransomware attacks on manufacturing firms could be devastating because a slight disruption in production could be catastrophic to other businesses down the supply chain.

Similarly, they pose an existential threat to the affected company because they could lead to colossal financial losses through reduced production, lost data, reputational damage, and costly ransom payouts.

Thus, SEC filings help potential investors to assess the risk associated with the affected companies before committing their finances. It’s no surprise that many companies are uncomfortable in acknowledging ransomware attacks.

“This is an example of how attackers are targeting high profile organizations to interrupt key business operations, in this case, manufacturing,” says Ms. Muldoon. “Ransomware remains a global cybersecurity threat and is the one cybercrime that has a high direct return of investment associated with it, by holding the victims’ ransom for financial payment.”

According to Edgard Capdevielle, CEO at Nozomi Networks, “high profile attacks are becoming all too common, as attackers have realized they are immensely more profitable when they target large organizations and disrupt their critical business operations – in this case, the brewing operations of the world’s biggest, well-known beer brands.”

He says that the potential ransomware incident should be factored into the business incidence response and continuity plans.

“Beyond a technical response, decision-makers need to be prepared to weigh the risks and consequences of alternate actions,” Capdevielle adds. “Ransomware threat actors typically rely on spear-phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption.”

Beverage manufacturer Molson Coors’ said that a #cyberattack affected its information systems and could cause delays in operations, production, and delivery. #cybersecurity #respectdataClick to Tweet

He recommended best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication, and the use of continuously updated threat intelligence to protect IT and operational environments from ransomware and other cyber attacks.