According to its recent filing with the US Securities Exchange Commission, Mattel was the victim of a ransomware attack earlier this year. However, the toymaker followed its response protocols and stated that it had seen no material impact to its operations as a result.

The filing stated: “On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations. A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified. There has been no material impact to Mattel’s operations or financial condition as a result of the incident.”

Responding to the news, Boris Cipot, senior security engineer at Synopsys, said: “It is refreshing to see an organisation recover from a cyberattack without major losses. Mattel’s response to an initially successful breach managed to limit the attack and helped them regain control over their systems. Such a success story is not at all common. Usually, there is a substantial loss in business downtime and the financial costs associated with this. We hear about data that is stolen and leaked or used to blackmail organisations into paying millions in ransom, followed by potential fines from non-adherence to regulations. Yet, that was not the case in this instance. I hope that Mattel will share how they sustain the resilience of their systems, and specifically, how they stopped this particular attack from causing more damage, as others could learn from them. Sharing best practices in resilience management and response is crucial if we want to fight off attackers who often seem to be one step ahead of us.”

“We see nearly endless headlines about ransomware, but underlying each of these incidents is a set of conditions that allowed that ransomware to take hold,” adds Paul Norris, senior systems engineer at Tripwire. “Ransomware traverses networks using a variety of techniques, including taking specific actions to avoid detection. Asking for ransom is literally the last thing the ransomware does. Mattel’s response to the compromise, and the fact that they were able to stop attackers on their tracks, should be taken as an example of how the correct security measures can really make the difference. Organisations that want to avoid becoming a ransomware headline need to focus their defence on prevention first and response second. Detecting the activity and changes that occur in your network is an important part of preventing ransomware from taking hold.”