Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers.
Ace Hardware is a hardware store retailer-owned cooperative that operates 17 distribution centers and 5,700 shops across the United States, China, Panama, and the UAE. The cooperative employs 12,500 people and has an annual revenue that surpasses $9 billion.
Reports of a cybersecurity incident impacting the entity surfaced over Reddit on Monday, where someone posted the content of Ace's notice to retailers about a cyberattack that occurred over the weekend.
"On Sunday morning, we detected a cybersecurity incident that is impacting the majority of our IT systems," reads the notice.
"As a result of this incident, many of our key operating systems, including ACENET, our Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center's phone system have been interrupted or suspended."
Scheduled deliveries are adversely impacted, and retailers are requested to refrain from placing additional orders for now, as these cannot be processed.
The company stated that it has engaged with a group of IT experts to help them restore the impacted systems, but because they deal with "a fast-moving, dynamic situation," details on the process and system status cannot be conveyed with accuracy.
An update on the situation came late on Monday, informing that the outage would continue indefinitely.
The new notice consulted retailers to keep their stores open to serve customers, advising that the in-store POS systems and credit card processing remain unaffected.
The online shop remains available for product search and viewing. However, the ordering functionality remains disabled today, as the systems that process customer orders are yet to be restored.
According to the latest information posted online by Reddit users claiming to be store owners, all internal corporate systems remain down, making them unable to order products from warehouses or dropship points.
"Good versus Evil"
In a new notice sent to retailers and seen by BleepingComputer, Ace Hardware President and CEO John Venhuizen explains that the company operates 1,400 servers and 3,500 networked devices.
Of these devices, 1,202 were impacted by the cyberattack and will need to be restored.
Of these 1,202 devices, 196 are servers that are being restored so that the receiving, picking, and shipping of orders can resume.
Venhuizen said that as of 5:31 AM this morning, 51% of these servers have been restored and are being certified by Ace's IT department.
The CEO concludes the email by equating this cyberattack to a battle of good versus evil, saying the attackers are no more than thugs.
"I'd like to end by reminding you that all of this frustration and all of this effort is the direct result of a malicious cyber attack on Ace," reads an update with a rare display of transparency sent to retailers today.
"This was perpetuated by criminals. Though they are hiding in this shadows, they are no different than thugs who break into your store attempting to steal your stuff."
"It's a battle of good versus evil. The processes to recover are complex, the principles of this battle are not."
"Good will ultimately triumph."
Cybercriminals take advantage
Unfortunately, while Ace restores their devices to resume operations, threat actors have flocked to take advantage of the attack.
Ace Hardware warns that threat actors are contacting Ace retailers with phishing emails that urge them to redirect payments to "an alternative" electronic payment address until systems are restored.
In other cases, attackers call Ace stores posing as agents of the Epicor Software Corporation, presumably one of Ace's contractors, asking them to hand over account credentials to their network allegedly for troubleshooting.
Ace issued a cautionary notice to retailers, alerting them about these incidents, which reflects how breaches can precipitate security and lead to further downstream compromises.
BleepingComputer has contacted Ace Hardware to learn more about the cyberattack, but we have not heard back yet.
Comments
plat1098 - 6 months ago
Couldn't set aside a few hundred mil from all that revenue for enhanced network security? Is Ace going to be part of this proposed initiative to refuse ransom payments?
Never ceases to amaze me that coughing up the money for better security is a fraction of the cost of cleaning up after a ransomware attack. But I guess vacations in Barbados are much higher priority.
EndangeredPootisBird - 6 months ago
Cloudflare is the only company that has mastered cyberdecurity. Why? They use hardware security keys for MFA and the correct usage of Zero Trust. That's it. Thats how easily they have avoided all attempted breaches. They shoild be a role model thay everyone should follow.
We wouldn't have to deal with constant breaches if companies snd governments actually prioritized the right security measures, instead of pouring money on maintenance heavy, ineffective, stop-gap solutions like endpoint security and VPN's.
K_Kid2K - 6 months ago
Bruh
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
They wouldn't even call it a vulnerability in order to save face, when nearly everyone around them did.
K_Kid2K - 6 months ago
https://www.bleepingcomputer.com/news/security/cloudflare-dashboard-and-apis-down-after-data-center-power-outage/
I wouldn't call them "masters". They're trying, but come on, even my little rinky-dink data center has redundant power availability. One of the basic pillars of Cybersecurity is availability.