‘Trick or Treat’ – Ransomware Attack on US Sweet Maker Before Halloween!

‘Trick or Treat’ – Ransomware Attack on US Sweet Maker Before Halloween!

The manufacturer of some of Halloween’s most popular US sweet treats has been hit with a ransomware attack that disrupted production just weeks before the sweet industry’s biggest trading period.

Chicago-based Ferrara acknowledged an attack on Oct. 9 that encrypted some systems & disrupted production.


Chicago-based Ferrara Candy Co. confirmed publicly that a cyber-incident that encrypted some of its systems on Oct. 9, affecting the production of its numerous popular US confection brands, including Brach’s Candy Corn, which is a confection that divides sweet enthusiasts into “love it” & “hate it” groups.

However, those in the US worried that this year they will not get their ‘fix’ of the controversial candy corn & other treats can rest assured. Ferrara stated that it already had fulfilled most of its sweet orders for Halloween when it typically does — in early Aug. — so supply this year should be normal, according to the report.

Few Specific Details

Ferrara has released few specific details about the attack, & it is unclear at the moment which ransomware group is responsible. One potential culprit is Black Matter, a group that rose from the ashes of the former Dark Side ransomware gang & who US Federal authorities warned this week is on the offensive.

Company officials said they immediately responded to the attack by securing all systems & launching an investigation, on which Ferrara is collaborating with police, according to a report in Gizmodo. The company also has used 3rd-party specialists to restore systems to full operational capability.

Halloween Will Be Saved

For now, Ferrara’s production is nearly back up & running at full speed so the company should be able to fill any outstanding Halloween orders in time for the holiday, it told The Chicago Tribune.

“We have resumed production in select manufacturing facilities, & we are shipping from all of our distribution centres across the country, near to capacity,” the company said, according to the report. “We are also now working to process all orders in our queue.”

Good News

That is good news not only for Ferrara but also distributors of sweets & confections in general, as US manufacturers typically take in $4.6bi of their $36b in yearly sales during Halloween.

Aside from Brach’s Candy Corn—which represents 85% of candy corn sales in the US during the Halloween season—other popular US  products that Ferrara produces include Sweet Tarts, Laffy Taffy, Runts, Fun Dip & Red Hots.

Opportunistic Attack

Industry watchers explained that they are not surprised that threat players targeted Ferrara with a ransomware attack at a time, when it is likely to be the most desperate to get production back up & running at full speed quickly, improving their chances of success.

“This is typical behaviour from cyber-criminals—they target companies when they’re most vulnerable,” outlined Simon Jelley, General Manager for Endpoint & SaaS protection at enterprise data protection firm Veritas Technologies. “Attackers want to create situations where companies feel they have no choice but to pay up.”

Cautionary Tale

The attack then should be a cautionary tale for other organisations to be especially vigilant as they approach critical moments in their business, whether seasonal, market-driven, or otherwise, he stated.

The incident also highlights the need for resiliency among organisations, including a “worst case scenario” plan in the event of a cyber incident during a crucial time in the business, another security expert explained.

Vulnerable Times

However, this type of security position must be maintained year-round, not merely be enforced during vulnerable times, warned Chris Clements, VP of Solutions Architecture at cyber-security firm Cerberus Sentinel.

“The answer to such evolving threats remains constant, however,” he revealed in an e-mail. “To ensure the best chance of avoiding or quickly catching & stopping an attack before it becomes a widespread issue is to adopt a true culture of security in the organisation.”