Discover the aftermath of ALPHV's ransomware attack on VF Corp, leading to the theft of 35.5 million user records.

Continue reading
The notorious ALPHV/BlackCat ransom group orchestrated a crippling ransomware attack on lifestyle apparel giant VF Corp, exposing a grave threat to its cybersecurity infrastructure. This threatfeed delves into the critical aspects of the data breach, contextualizing the incident with a keen eye on the deep-seated issues at play.
On December 13th, VF Corp fell victim to a ransomware attack that stole personal information from over 35 million individuals. The attack, later claimed by the ALPHV/BlackCat gang, compelled VF Corp to halt sections of its IT operations, causing chaos during the holiday season for a global manufacturer housing brands like The North Face and Vans.
In an amended filing with the US Securities and Exchange Commission (SEC) on January 18th, VF Corp revealed the staggering extent of the breach. Preliminary analysis estimates that the threat actor stole personal data from 35.5 million consumers. The implications for VF Corp, a prominent apparel, footwear, and accessories company with a revenue of $11 billion, are profound.
VF Corp, in response to the breach, promptly shut down affected systems and engaged federal law enforcement to determine the attack's full extent. The company's IT infrastructure has undergone extensive restoration, and the affected data has mostly been recovered. The company now plans to file a claim with its cyber insurance carrier to mitigate financial losses.
The attack disrupted brand operations during the crucial holiday shopping season, affecting retail store inventory replenishment, order fulfillment, and wholesale shipments. This led to customer order cancellations and reduced traffic on e-commerce sites. Despite these setbacks, VF Corp asserts that the material impact has been limited, with the company successfully catching up on holiday order backlogs.
Nick Tausek, Lead Security Automation Architect at Swimlane, underscores the critical need for proactive cybersecurity measures in an industry increasingly vulnerable to such threats. The VF Corp incident serves as a cautionary tale, emphasizing that robust preventative measures are no longer optional but essential for retailers with vast customer bases.
The aftermath of the VF Corp attack sheds light on the growing sophistication and volume of ransomware attacks across industries. ALPHV/BlackCat, known for triple-extortion tactics, collaborated with Scattered Spider in carrying out attacks on Las Vegas casino giants in September 2023. Security firm ReliaQuest identifies ALPHV/BlackCat as the third most active ransomware cartel in Q3 2023, causing estimated losses exceeding $1 billion.
Following the VF Corp attack, the Russian-linked ALPHV/BlackCat group faced operational challenges when the FBI seized one of its domain controllers. The subsequent takedown of its dark leak blog by the FBI disrupted the group's activities temporarily. The FBI's acquisition of ALPHV's decrypter tool, although resulting in no arrests, helped numerous companies recover their data.
The connection between VF Corp and the decrypter tool remains uncertain. While the company reported systems restoration, it's unclear if VF Corp benefited from the decrypter or remains among the companies still grappling with encrypted files.
Andrew Costis, Chapter Lead of the Adversary Research Team at Attack IQ, underscores the importance of preparation as the best defense against evolving cyber threats. Simulating attacks using specific tactics, techniques, and procedures (TTPs) employed by threat actors enables organizations to optimize responses and identify security control gaps.
Nick Tausek advocates for using low-code automation platforms to enhance security processes. Automating threat detection and response increases efficiency and provides insight, reducing vulnerability to the heightened sophistication of ransomware attacks.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been