WestRock Ransomware Attack Hinders Packaging Production

westrock ransomware attack

The ransomware attack, affecting OT systems, resulted in some of WestRock’s facilities lagging in production levels.

WestRock – the second-largest packaging company in the U.S. – continues to restore its systems, two weeks after it discovered it was the victim of a ransomware attack.

WestRock, which has more than 320 manufacturing facilities globally, creates packaging supplies for a bevy of high-profile clients, including General Motors, Heinz and Home Depot.

The ransomware attack was discovered on Jan. 23 and affected the company’s operational technology (OT) systems. These systems are comprised of equipment used to manage, monitor and control industrial operations. That means that several of WestRock’s factory processes – including mill system production and packaging-converting operations – were crippled.

“WestRock is undertaking extensive efforts to identify, contain and recover from this incident quickly and securely,” said the company, in a new update on the attack, Friday. “Upon discovering the incident, WestRock immediately began an investigation, implemented business-continuity processes and initiated response containment protocols with the support of cybersecurity experts.”

Ransomware Attack: Impact on WestRock

In a presentation on its first-quarter earnings results for 2021 for its investors, WestRock said that there is currently no evidence that customer or coworker data has been compromised by attackers.

As a result of the ransomware attack, shipments for some of the company’s facilities have lagged in production levels, according to the company. For instance, the firm’s mill system production, through Feb. 4, was approximately 85,000 tons lower than planned, it said.

For context, according to its 2020 annual report, WestRock’s annual production capacity for corrugated packaging mills (to create cardboard utilized by various commercial companies) in 2020 was almost 12 million, while its annual production capacity for consumer packaging mills was almost 4 million.

Dirk Schrader, global vice president at New Net Technologies (NNT), said that while WestRock was quick in reporting the incident, this lag points to struggles around the company’s initial “response and containment protocols.”

“Being affected by a cyberattack at production control and plant level is not only going to cost you revenue from that loss in production, it affects the reputation and the supply chain of your up-stream customers,” Schrader said.

The attack also hits a company that has shifted to high gear to keep up with the increased demand for online shopping — and consequently, more packaging — triggered by COVID-19. WestRock said it has been working to support critical infrastructure, supply chains and other manufacturers in delivering their goods to consumers during the ongoing pandemic.

WestRock Takes Ransomware Remediation Steps 

Despite the lag in production, WestRock said this “gap is closing quickly as systems are restored.” Its packaging converting operations are also close to returning to full planned production levels.

“The WestRock team remains in regular communication with its customers to share information and updates and to meet their business needs,” said WestRock on Friday. “WestRock is also working with its vendors so they are informed, and supply chains remain operational.”

What’s still unknown is what kind of ransomware was used in the attack, whether a ransom was paid and how the attack was launched. Threatpost has reached out to WestRock for further comment.

Cyberattacks on Industrial Control Systems

The effect of ransomware attacks on company OT systems – such as production lines – are particularly dire. The impacts of such attacks extend beyond financial detriment to include supply-chain issues or even physical danger.

These types of attacks have been ramping up over the past year. For instance, aluminum giant Norsk Hydro fell victim to a serious ransomware attack in 2020 that forced it to shut down or isolate several plants and send several more into manual mode. And the Snake ransomware in June 2020 reportedly hit Honda and a South American energy-distribution company called Enel Argentina.

Flaws in the industrial space are also continuing to crop up: A report released last week analyzed all publicly disclosed vulnerabilities in ICS (industrial control system) networks in the second half of 2020 – and found a nearly 33 percent increase in ICS disclosures over 2018.

“Operational technology has for long been seen as ‘this is not IT, why should I bother about’ from cybersecurity folks, and neither did the ICS folks,” Schrader said. “The results are a dangerous mixture of differing languages and focus about what security is.”

Still, he said, “the essential security controls have to be placed regardless of one’s perspective on IT and OT cybersecurity. Whether you prioritize availability (OT) or confidentially (IT), you will need to manage your vulnerabilities and to control unwanted change in order to maintain both.”

Download our exclusive FREE Threatpost Insider eBook, Healthcare Security Woes Balloon in a Covid-Era World, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!

Suggested articles