Dole has confirmed that information for an undisclosed number of employees was exposed in a February ransomware attack. Dole had already disclosed the attack on February 22, saying it had a limited impact on its operations.
Bleeping Computer reports that “the company revealed that last month's cyberattack directly impacted its employees' information in the annual report filed with the U.S. Securities and Exchange Commission (SEC) on Wednesday.”
"In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information," Dole said in the filing.
Takeaway: Dole has confirmed that employee data was compromised in the February ransomware attack. Again, we are seeing that data exfiltration is now central to how these ransomware groups operate, with some like BianLian (and Karakurt before them) showing signs they may move entirely to a direct exfiltration/extortion strategy, foregoing the detonation of a ransomware payload altogether. This would streamline operations for the attackers, reduce overhead and development costs, and possibly result in more sensitive data being exposed.
Organizations need to focus on both prevention and resilience. If they are hit with ransomware, they need to be able to recover quickly and resume normal business operations with minimal disruption. Dole mentioned in their latest statement that they would be implementing a 'crisis management protocol' that includes a 'manual backup program," which we can assume means protecting copies of critical data offsite for swifter recovery in the case of a ransomware attack, which is highly advisable for every organization, but it does not address the data exfiltration and exposure issue.
Organizations should also be more cognizant of the data loss aspect of these campaigns. These are multi-stage attacks, and that means we have multiple opportunities to detect and stop them. Organizations require both a robust prevention and an agile resilience strategy to defend against this wave of ransomware attacks. This approach includes endpoint protection solutions, patch management, data backups, access controls, employee awareness training, and organizational procedure and resilience testing into all ransomware readiness plans to be successful.
Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.