Steelite International, a popular Stoke-on-Trent-based ceramics manufacturer with an annual turnover exceeding £100m, suffered a cyber attack last week that gave a hacker access to payroll information and disrupted operations that employees had to work overnight to fix.
The company announced that the hacker behind last week’s cyber attack gained access to confidential payroll data and asked the company to pay ransom to recover the data. Because of the ransomware attack, the company temporarily lost control over its payroll server and there was a risk that it would not be able to pay its employees.
However, thanks to employees who worked overnight to resolve the problem, the company was able to regain access to the payroll server within 48 hours and managed to transfer payments to employees’ accounts.
Hacker gained access to payroll server
“The payroll server was compromised and we worked hard over a 48-hour period to get that resolved. There was a risk that we would not be able to process the payroll for Thursday so we felt it was appropriate to inform our employees.
“We have managed to recover the servers now and I am pleased to confirm that our employees will be paid on Thursday as planned. We have reported the incident to the National Cyber Security Centre and Staffordshire Police and our IT team worked incredibly hard overnight to ensure that the wages could be processed in time,” said Jon Cameron, group finance director at Steelite International.
“We cannot rule out the possibility that payroll data has been accessed and we recommend that you are extra vigilant in relation to any unexpected or unauthorised activity on your bank account and your credit profile. I totally understand any inconvenience or concern this may cause, especially at this time of year, and I apologise on behalf of the company.
“The attack was aimed at extorting money illegally from the business by causing maximum disruption. Sadly it is not just the business that has been potentially affected,” he added. Even though the company did admit that the hacker gained access to payroll data, it did not confirm if employees’ personal and financial details such as bank account numbers or addresses were compromised.
NCSC’s advisory on ransomware attacks
Last month, the National Cyber Security Centre published an advisory through which it warned businesses that ransomware attacks still posed a major cyber threat and were capable of inflicting wide-scale disruption.
“Throughout 2018, the NCSC has seen a trend in more targeted ransomware attacks. Criminal actors analyse victim networks to understand their ‘value’ and set a ransom demand based on that perceived value.
“Through analysis of the victim network and lateral movement, actors also seek to ensure that their malicious activity has the maximum impact on the victim organisation – potentially denying the victim access to business-critical files and systems and disrupting the operations of the victim organisation,” it said.
The cyber security watchdog added that even though it is well known that Windows operating systems are vulnerable to ransomware attacks, similar attacks have recently been launched by cyber criminals against Mac and Linux systems as well.
“The methods for infecting systems with ransomware are similar to those used with other types of malicious software, as are the steps organisations can take to protect themselves. Depending on an organisation’s level of preparation, ransomware infection can cause minor irritation or wide-scale disruption,” it said.