hiveleak attacks Rocky's Ace Hardware

Incident Date: February 25, 2022

Overview

Title: hiveleak attacks Rocky's Ace Hardware

Victim: Rocky's Ace Hardware

Attacker: Hiveleak

Location: Springfield, USA; Maryland, USA

First Reported: February 25, 2022

Rocky's Ace Hardware Suffers Ransomware Attack

Overview of the Incident

Rocky's Ace Hardware, a prominent retailer with a presence in Connecticut, Florida, Maine, Massachusetts, New Hampshire, Pennsylvania, and Rhode Island, has recently fallen victim to a ransomware attack orchestrated by the group known as HiveLeak. This cyber assault has severely compromised the company's information technology systems, including ACENET, Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards, and the Care Center's phone system.

The attack has rendered 1,202 devices inoperative, including 196 servers. Efforts are underway to restore these servers to facilitate the resumption of receiving, picking, and shipping operations. Currently, 51% of the affected servers have been successfully restored and are undergoing certification by Ace's IT department. The company's infrastructure comprises approximately 1,400 servers and 3,500 networked devices, indicating the attack's significant impact on nearly 200 servers and over 1,000 other devices.

Impact on Business Operations

Rocky's Ace Hardware, a cooperative with 17 distribution centers and 5,700 stores globally, including locations in the United States, China, Panama, and the UAE, employs 12,500 individuals and generates over $9 billion in annual revenue. The ransomware attack has precipitated a notable decline in revenue, with the company reporting $2.1 billion for the first quarter of 2023, marking a 5.8% decrease from the previous year.

The cyberattack has disrupted shipments and compelled the company to advise its retailers against placing new orders, as processing capabilities have been compromised. A team of IT specialists has been enlisted to aid in the restoration of the impacted systems. However, the complexity of the situation and the dynamic nature of the recovery process have made it difficult to provide precise updates on progress.

Response and Recommendations

In the wake of the attack, Rocky's Ace Hardware has been working diligently to restore its systems and operations, with assistance from digital forensic experts. Despite the challenges, the company's point-of-sale (POS) systems remain operational, allowing stores to remain open. Nevertheless, there have been reports of subsequent phishing attacks targeting store owners, highlighting the need for heightened vigilance.

This incident underscores the importance of adopting a zero-trust architecture, enabling multi-factor authentication (MFA), and utilizing strong, unique passwords. Additionally, it is crucial to educate employees on how to recognize and respond to phishing emails and smishing text messages, to bolster organizational cybersecurity defenses.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most damaging in financial and informational terms.

The site's data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.