Popular clothing brands such as Vans, Supreme, and The North Face are facing delays in their Christmas shipments due to a ransomware cyberattack on their parent company.
According to an SEC filing by VF Corporation (VF Corp.), the data breach was detected on December 13. Threat actors disrupted operations by encrypting some IT systems. As a result, the hackers accessed personal data, impacting the company’s ability to fulfill orders.
Despite this setback, customers can still place orders with their preferred retailers. However, the shipping calculator, crucial for estimating delivery times, is currently unavailable.
No identities were disclosed.
VF Corporation reiterated regulator statements, leaving key details undisclosed—threat actors, malware, demands, and data extent remains unknown. The impacted customers face a “material impact,” but the investigation’s ongoing nature prevents a comprehensive understanding of the incident. Typically, ransomware groups target valuable data for cryptocurrency exchange, either with victims or on the black market. Whether proprietary or customer data (names, emails, Social Security Numbers, or payment info), the exact nature of the stolen data is yet to be revealed.
Evolving Tactics and Severe Impact on Cybersecurity
Ransomware, a malicious software, encrypts data, demanding a ransom for access restoration. Initially, encryption-only tactics were thwarted by regular backups. However, cyber extortion emerged, compelling victims to pay by incorporating additional threats. Attackers, evolving, now target victims’ backups directly, hindering data restoration.
In the broader context of malware, ransomware is a specific subset coercing payment for data decryption. The impact is severe, affecting individuals, organizations, and even entire municipalities or countries. These financially motivated attacks are on the rise, with Verizon’s report indicating ransomware involvement in 24% of breaches, and Sophos’ findings revealing 66% of organizations experiencing a ransomware attack in the past year, with 76% resulting in data encryption. The landscape is evolving, emphasizing the critical need for robust cybersecurity measures.