Ransomware Attacks Kentucky’s Par 4 Plastics

The View from 30 Feet

by Lara Copeland, contributing editor
Plastics Business

Reveton. Bad Rabbit. Fusob. Petya. WannaCry. While some of these words seem nonsensical and others may read like a bad Hollywood movie title, they are names of notorious ransomware attacks that have spread across the globe since the beginning of this decade. Ransomware is just one type – albeit the most popular – of malware. According to researchers from Malwarebytes Corporation, an anti-malware software company, roughly 60 percent of malware payloads were ransomware.

Unfortunately, no industry is immune to a ransomware attack, and all sizes of organizations are susceptible. For Par 4 Plastics, Inc., a plastics manufacturer in Marion, Kentucky, with more than 200,000 square feet at its two facilities, an attack on November 1, 2017, instantly locked its files. “I got a call in the middle of the night that we’d been hacked and that all of our files were locked,” President Tim Capps said. He then was notified that the hackers were demanding a $200,000 ransom be paid in Bitcoins in exchange for unlocking the files. “I knew we weren’t going to pay the ransom,” he continued, “so our first response was to go manual.”

To stop the spread of the virus, Capps made the decision to pull all computers and servers offline immediately. “We shut down our ERP system (IQMS) and Wi-Fi, and email was taken offline,” he said. He then contacted Gov. Matt Bevins’ office. “They were instrumental in getting us in touch with the Department of Homeland Security for consultation,” he added. The state police and FBI also were contacted.

The inability to access its own files can be catastrophic for any company. Not only is there a potential loss of proprietary information and an interruption of normal procedures, but the business also is subjected to possible financial losses to restore systems and files – not to mention the harm its reputation may suffer. Though he understood these risks, Capps did not want to enter into negotiations with the hackers. “We were told that many times the ransom goes to bad people who do bad things, so there was no way we were willing to pay,” Capps said. From there, the company took proactive measures to regain its files and protect itself from potential future attacks.

In the initial week after the attack, when Par 4 Plastics made the decision to “go manual,” the company managed to continue meeting customers’ needs. “We did everything by paper, which was harder on our staff but still manageable,” Capps said. He also prioritized company-wide communication. For the first three weeks after the incident, he held strategic team meetings to keep the lines of communication open. “At the same time, we cleaned and checked all computers and servers and used our backup to restore our files ourselves.”

By the second week, systems were put back online as everything normalized. “During the third week, we reviewed some additional software that could have been infected, but thankfully it wasn’t,” Capps explained. Once all systems were reverified, the company was “pretty much 100 percent back to normal, yet we remained very cautious,” he said. Capps was thankful Par 4 had enough manual systems in place to get the job done. “The first week was the toughest, and operating manually was like going back in time – but things pulled together well.”

Once a series of checks was completed, “we went beyond to make sure we were very safe,” Capps explained. Additional malware protection was installed to detect and contain the virus. The company also hired a third-party administrator to aid the IT department in checking and verifying everything that had been put in place. From there, 24/7 advance performance monitoring and phishing security tests were implemented, and hourly backups of servers and files were conducted. Office 365 Cloud email was installed for additional protection. “This third-party server adds a layer of protection,” Capps said, “because everything goes through it before coming to us.” Par 4 Plastics also blocked certain countries from sending it email, since Homeland Security determined the hackers were foreign.

“We’re in good shape now and everything is back to normal, and much of this has to do with our incredible IT team – Chuck Beavers and Harley Watson – in addition to the entire organization’s flexibility in overcoming adversity,” Capps said. “We didn’t lose any sales, and we didn’t have any quality issues.” Furthermore, no shipments were missed, IT is business as usual and, to top it off, Par 4 even brought in two new customers during this process. The attack did impact Par 4’s customers slightly “because we were not using their systems through automation for ordering and receiving orders,” but Capps said his customers were very patient. “We explained to them that we had a virus and had to shut things down, but we kept the line of communication open and made sure they had their parts.”

Capps feels fortunate to have made it through this trial without losing any business or paying the hackers. “If you have your backups in place, you will not have to pay the ransom,” he said. He urged other companies to learn from his experience and emphasized becoming self-reliant. “Due to the large volume of attacks, the state police, Homeland Security and the FBI are only able to offer guidance and suggestions in recovering from these incidents.”

He added that having layers of protection and a contingency plan are imperative. “You need to educate yourself to the fullest on any issue – whether it’s safety, quality or cybersecurity. You need to know every aspect of your business.”