Updated 10:49 a.m. ET, October 16, 2019:

Statement from alphabroder:

"Good news - alphabroder is making great progress on fully remedying our malware incident – as a reminder the attack was focused on our order processing and shipping platform. To date, we have no evidence that any Customer data or account information has been compromised or is accessible by this malware. We continue to work with an expert forensics company and our cyber team to remedy the situation and are optimistic based on the progress we are making.

As of now, we are able to process orders via alphabroder.com, phone and email…so all order methods, shipping via UPS, are back to normal. We are currently shipping orders via UPS, On Trac and LTL Trucks. We continue to work on getting FedEx and USPS back online.

If you placed an order via email over the last two days your order is in our queue and is being processed.

The alphabroder team would like to thank you all for your support and understanding during this time – although we suffered a serious attack we continued to focus on yours and our business and have shipped more than 66,500 orders over the last two days. We look forward to being back to 100% as soon as possible.

Our continued goal is to keep you informed as we work through this – for immediate information or questions, please follow us on Facebook @alphabroder. We will provide updates as we have any relevant information to share.”

ORIGINAL STORY PUBLISHED OCTOBER 14, 2019: 

Alphabroder (asi/34063), the largest supplier in the North American promotional products industry, said Monday that it has been the victim of a cyberattack.

Headquartered in suburban Philadelphia, the firm said in an initial statement issued Monday that it’s been hit by a strand of ransomware known as SODINOKIBI. “No customer data or account information has been compromised or is accessible by this malware,” alphabroder said in an official statement, which acknowledged that its shipping and processing platform has been affected. “It’s temporarily disabled us from an order processing standpoint,” David Clifton, alphabroder’s chief marketing officer, told Counselor. In the statement, alphabroder added: “We are working with the authorities and our cyber insurance team to remedy the situation. We believe we will have this addressed and be shipping orders as normal within the next 24 hours.” Alphabroder noted that workers’ personal information was not affected.

We are working with the authorities and our cyber insurance team to remedy the situation – we believe we will have this addressed and be shipping orders as normal within the next 24 hours.

— alphabroder (@alphabroder) October 14, 2019

Speaking to Counselor, Clifton emphasized that alphabroder had recommended security protocols in place, from firewalls to disaster recovery to various other protective systems. “Unfortunately, it’s a sophisticated malware, and was able to work around those protections,” Clifton told Counselor.

According to Malwarebytes Labs, SODINOKIBI refers to a family of ransomware that encrypts important files and asks for a ransom to decrypt them. “The first thing users of affected systems notice is usually the ransom note when the encryption has already finished,” Malwarebytes Labs says. “The ransom instructions are visible on the desktop as well.”

Particularly hard to detect, SODINOKIBI reportedly encrypts files on local drives except for those listed in their configuration file. “We see Ransom.Sodinokibi being dropped by variants of Trojan.MalPack.GS that previously used to drop Ransom.GandCrab,” Malwarebytes Labs says. “Targeted files have the extensions .jpg, .jpeg, .raw, .tif, .png, .bmp, .3dm, .max, .accdb, .db, .mdb, .dwg, .dxf, .cpp, .cs, .h, ,php, .asp, .rb, .java, .aaf, .aep, .aepx, .plb, .prel, .aet, .ppj, .gif, and .psd.”

With reported North American promotional product revenue of $1.64 billion, alphabroder is the largest supplier in the industry, according to Counselor’s most recent rankings. The company’s five-year average annual growth rate is 14.6%.