Hiveleak attacks Rocky's Ace Hardware

Incident Date: Feb 25, 2022

Attack Overview
VICTIM: Rocky's Ace Hardware
INDUSTRY: Retail
LOCATION: USA
ATTACKER: Hiveleak
FIRST REPORTED: February 25, 2022

Rocky's Ace Hardware Suffers Ransomware Attack

Overview of the Incident

Rocky's Ace Hardware, a prominent retailer with a presence in Connecticut, Florida, Maine, Massachusetts, New Hampshire, Pennsylvania, and Rhode Island, has recently fallen victim to a ransomware attack orchestrated by the group known as HiveLeak. This cyber assault has severely compromised the company's information technology systems, including ACENET, Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards, and the Care Center's phone system.

The attack has rendered 1,202 devices inoperative, including 196 servers. Efforts are underway to restore these servers to facilitate the resumption of receiving, picking, and shipping operations. Currently, 51% of the affected servers have been successfully restored and are undergoing certification by Ace's IT department. The company's infrastructure comprises approximately 1,400 servers and 3,500 networked devices, indicating the attack's significant impact on nearly 200 servers and over 1,000 other devices.

Impact on Business Operations

Rocky's Ace Hardware, a cooperative with 17 distribution centers and 5,700 stores globally, including locations in the United States, China, Panama, and the UAE, employs 12,500 individuals and generates over $9 billion in annual revenue. The ransomware attack has precipitated a notable decline in revenue, with the company reporting $2.1 billion for the first quarter of 2023, marking a 5.8% decrease from the previous year.

The cyberattack has disrupted shipments and compelled the company to advise its retailers against placing new orders, as processing capabilities have been compromised. A team of IT specialists has been enlisted to aid in the restoration of the impacted systems. However, the complexity of the situation and the dynamic nature of the recovery process have made it difficult to provide precise updates on progress.

Response and Recommendations

In the wake of the attack, Rocky's Ace Hardware has been working diligently to restore its systems and operations, with assistance from digital forensic experts. Despite the challenges, the company's point-of-sale (POS) systems remain operational, allowing stores to remain open. Nevertheless, there have been reports of subsequent phishing attacks targeting store owners, highlighting the need for heightened vigilance.

This incident underscores the importance of adopting a zero-trust architecture, enabling multi-factor authentication (MFA), and utilizing strong, unique passwords. Additionally, it is crucial to educate employees on how to recognize and respond to phishing emails and smishing text messages, to bolster organizational cybersecurity defenses.
