Date: 2022-08-11

Hanesbrands Inc. disclosed Thursday the financial and logistical costs of being victim to a ransomware attack in May.

The Winston-Salem-based apparel manufacturer said in a May 31 regulatory filing that it began experiencing the ransomware attack on May 24.

Ransomware is a type of malicious software employed by hackers that can block access to a computer system until a ransom is paid. In recent years, the targets have shifted from individuals to governments, companies, nonprofits and health care systems.

Hanesbrands disclosed in its second-quarter earnings report that its global supply chain network and ability to fulfill customer orders were affected for about three weeks.

The ransomware attack resulted in a $100 million reduction in net sales and a $35 million reduction in adjusted operating profit. It also lowered adjusted earnings per share by 8 cents.

Hanesbrands did not say in the report whether it paid a ransom to regain access to its computer system. The company could not be immediately reached for comment on the subject.

"At this time, the company believes the cyber event has been contained," Hanesbrands said.

"There is no on-going operational impact on the company's ability to provide its products and services.

"Despite the disruption, the company shipped all innerwear back-to-school seasonal commitments on time and in full."

Hanesbrands said “innerwear” – or underwear – sales were down 12% to $685.8 million, adding that the ransomware attack and lower than expected in-store sales offset any benefit the manufacturer gained from increasing prices in the first quarter and increasing retail space.

Overall net sales were down 13.5% year over year to $1.51 billion, while net income dropped 28.4% to $92.1 million and diluted earnings were down 11 cents to 26 cents.

In the May 31 ransomware disclosure, Hanesbrands said it had “activated its incident response and business continuity plans designed to contain the incident.”

Hanesbrands said at the time it had notified law enforcement and was cooperating with the investigation in addition to engaging attorneys, a cybersecurity forensic firm and other professionals to deal with the response.

It remains unclear if the attack affected only internal operations or whether the information held hostage affected employees and customers.

In 2021, ransomware attacks were carried out on at least 2,323 local governments, schools and health care providers in the United States, according to a May 24 report to the U.S. Senate Homeland Security and Governmental Affairs Committee.

One of the most recent high-profile ransomware attacks occurred in May 2021, affecting Colonial Pipeline, which has a major operational hub in Greensboro.

The Colonial Pipeline shut down for six days because of the attack, affecting gasoline, diesel and jet fuel supplies in North Carolina and along the East Coast. It took several more days for supply to reach normal levels.

Multiple sources confirmed to The Associated Press in May 2021 that Colonial Pipeline paid the criminals who committed the cyberattack a ransom of nearly $5 million in cryptocurrency for a software decryption key required to unscramble their data network.

In 2018, ransomware attacks involving Iranian-based hackers struck the computer networks of hospitals and other targets in 43 states. That disrupted Laboratory Corp. of America in Burlington.

“There is no evidence that any LabCorp data was removed from our systems,” LabCorp said in an Oct. 26 statement.

The company said the attack affected access to test results for a limited period but that “operations were returned to normal within a few days.”

U.S. lacks info

A U.S. Senate ransomware report determined that the federal government lacks a complete picture of ransomware attacks.

The report also found that the government lacks information on how much ransom was paid — typically in the form of cryptocurrencies — by victims of such attacks.

“Cryptocurrencies, which allow criminals to quickly extort huge sums of money, can be anonymized and do not have consistently enforced compliance with regulations, especially for foreign-based attackers, have further enabled cybercriminals to commit disruptive ransomware attacks that threaten our national and economic security,” committee chairman Sen. Gary Peters, D-Mich., said in a statement accompanying the report.

The investigation found the federal government “lacks the necessary information to deter and prevent these attacks and to hold foreign adversaries and cybercriminals accountable for perpetrating them,” Peters said.

“Many of these attacks generated significant losses and damages for victims,” the report said. Data from the FBI based on complaints from victims from 2018 to 2020 showed “a 65.7% increase in victim count and a staggering 705% increase in adjusted losses.”

In 2021, the FBI received 3,729 ransomware complaints, with adjusted losses totaling $49.2 million, according to the report.

But the data “drastically underestimates” the number of attacks and ransoms paid, and the FBI considers the numbers to be “artificially low,” the report said.

The real cost of such attacks could range from several hundred million dollars to as much as $10 billion, the report said.

In 2020, criminal gangs were said to have received “at least $692 million in cryptocurrency” as ransom payments, the report said, citing data from Chainalysis, a blockchain data and analysis company that tracks such payments. That compares with $152 million in ransoms paid in 2019, the report said.

Another study by anti-malware company Emsisoft counted 24,770 ransomware incidents across the United States in 2019, with estimated damages, including downtime losses, of “just under $10 billion,” the report said.