Thousands of contractors, including HGV drivers, were left unpaid for as long as a month, when umbrella company Giant Group was hit with a sophisticated ransomware attack that shut down most of its portals. As of Wednesday this week, according to a statement made by the Group, the payment portals were final up and running, although it seems many contractors remain unpaid or still chasing backpay.
The facts
Strangely, this attack has been largely ignored by most media outlets in the UK, with Sky News publishing a piece on it but pulling it from their site a few days later. Most of the information comes from the company itself, with very few independent news sources reporting on it and no ransomware group has claimed the attack.
According to statements made on Giant’s various company websites, the attacker(s) infiltrated the company’s portals on 22 September, with no further information as to how it was done or if contractors’ information was compromised. The impact, however, was drastic: because the entire network was compromised, the business was forced to take its systems offline and follow stringent protocols to make sure no further breach occurred.
That means contractors were left chasing back payments, expenses, salaries and left with no payments for up to a month. With freelancers often being cash-poor as larger companies can take much longer than agreed payment terms to pay them, this would have left thousands of people in dire circumstances.
The company has only communicated via FAQs and notices on its website. Contractors have been unable to get in touch with anyone at Giant Pay due to their phone and email systems being integrated with the network – a common approach to comms systems – and with the full proactive blackout Giant Group chose to implement, no phone or email comms were up and running.
According to the latest notice on its website, the phone systems were back online, along with all the company portals, including payroll, from 29 September.
Lessons learned
While there is no indication that Giant Group’s network was particularly vulnerable, or its security particular lax, there has been a spate of cloning and ransomware incidents with umbrella and payroll companies in recent months. And cybercrime, much like any “industry” does tend to follow trends. So, when companies see other firms being attacked, the first reaction should not be to read and move on, but to be proactive when reviewing the company’s own security systems.
[inlinead-1]
Furthermore, communication is key: in both the massive T-Mobile breach we reported and in the case of Giant Group, customers were left incredibly frustrated with the lack of communication and inability to contact anyone for more information. While cybercrime may be on the security side of things, PR and comms are just as important and are a huge part of managing any breach.
Quick tips
- Know thy enemy: according to this story, the top three ransomware groups operating in the world aren’t ones we typically think of. That means security personnel need to be on the ball when it comes to proactive research and investigation into possible threats. Vigilance is the name of the game.
- Work with your marketing and PR teams: while we may think of IT and security as worlds apart, in today’s social media-driven world, bad press will affect your bottom line as much as any breach. Be proactive and create boilerplate texts for possible data breaches, and be quick to communicate – silence will always make your company look worse and create bogeymen out of attackers.
- Be humble: When you see an attack on any organization, but particularly notice a trend of type of infiltrations or a trend toward certain organizations being targeted, double down on and double check your own security.