The world’s largest candy maker shuts down its operations due to ransomware. Won’t somebody think of the children?

A security report notes that Ferrara Candy, one of the world’s leading candy producers, has been the target of a powerful ransomware attack. Based in Chicago, Ferrara makes nearly 90% of the popular sweet corn, one of the most consumed products during Halloween.

So far, it is unknown the identity of the hacking group is behind the infection, as well as the amount of the ransom and whether the affected company is paying to recover their files.

The incident was detected on October 9, when Ferrara began to experience severe flaws in its systems: “After detecting the attack, we began an investigation into the nature and extent of the infection. We are notifying law enforcement and will work with outside specialists to restore our systems as soon as possible.”

The company’s security teams also mentioned that some of the affected systems were about to be fully restored, so their production and distribution goals should be met smoothly: “We want to assure our customers that Ferrara products for Halloween will be available in stores before the holidays begin,” adds the company’s utensils.

As mentioned above, sweet corn is one of the most consumed products during Halloween in the United States, so Ferrara produces about 7 billion candies a year: “A cyberattack against Ferrara is practically a cyberattack against the same institution of Halloween,” said a source close to the incident.

In 2021, ransomware groups have repeatedly targeted large, high-profile companies in critical sectors such as energy, the food and beverage industry, and public computing infrastructure. However, the most recent attacks began to attract the attention of the US authorities, so for a couple of months, ransomware groups have become one of the main targets of US intelligence agencies.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.