In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.


FBI says the Cuba Ransomware Gang Made $43.9 Million from Ransom Payments

The US Federal Bureau of Investigation said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year. In a flash alert sent out on Friday, the Bureau said the Cuba gang has “compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.” The flash alert includes indicators of compromise (IOCs) which can help identify if your systems have been compromised. We encourage all cannabis operators to share this alert with their internal IT teams or managed service providers to ensure systems are checked.

The FBI said it traced attacks with the Cuba ransomware to systems infected with Hancitor, a malware operation that uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute-forcing tools to gain access to vulnerable Windows systems.

The Cannabis ISAO has identified a recent ransomware incident within the cannabis industry, and we encourage the entire industry to remain vigilant against this threat. We have previously covered various resources to help prevent and respond to ransomware, like the Cybersecurity & Infrastructure Security Agency’s (CISA) Stop Ransomware. The FBI has been successful in retrieving paid ransoms after some recent attacks, so we do recommend contacting your nearest FBI field office should your organization become a victim of an attack.

Physical Security

Oakland Cannabis Dispensaries Ask Police for Help Amid a String of Armed Robberies and “Smash and Grab” Thefts

Among the more than a dozen smash-and-grab robberies in the Bay Area in recent weeks, cannabis facilities may have been the hardest hit. In San Francisco, at least four cannabis businesses have been robbed in the last two weeks, according to news reports. At least 20 have been hit in Oakland, where most of the Bay Area’s cannabis cultivation, manufacturing and distribution facilities are located.

“It’s proving to be unbearable for cannabis operators,” said Amber Senter at an Oakland press conference held by cannabis business owners on Monday. Senter owns multiple cannabis business licenses in San Francisco and Oakland, and is also executive director of the industry group Supernova Women. “We need more protection, and we need more funds and resources to improve security, so we can protect ourselves.” According to Forbes, “in the past two weeks, at least 25 cannabis businesses—including retail storefronts as well as cultivation and distribution centers—in Oakland alone have been burglarized, with damages in excess of $5 million.”

Organized Retail Crime is a problem currently impacting the entire retail industry, although cannabis incidents have tended to be more likely to involve firearms. “Someone’s going to die on one of those sites and that’s going to be the downfall of this business and we can’t have that,” said Tucky Blunt, co-owner of East Oakland’s Blunts + Moore, during a Zoom call with Oakland PD this week. “All I’m asking is if you know, this type of stuff is going on, send an extra cop around my area. Park one at my store. Just do things that we can do to work together.” Oakland Police Chief LeRonne Armstrong did emphasize at a press conference that he doesn’t “want to see security companies engaged in gunfire with individuals. I don’t want to see these gun battles that are occurring as a result of these armed suspects coming to these locations.” Of course, relations and trust with law enforcement have a long way to go in the cannabis industry, particularly after reports of police appearing to watch a dispensary burglary unfold in San Francisco.

Retailers need help from local law enforcement to stop the scourge. Many cities like Oakland have promised to beef up their presence in at-risk areas, and at the state level in California, Gov. Newsom has indicated there would be an “exponential level of support” in his upcoming budget to address the retail thefts. Loss Prevention Magazine acknowledges that “some retailers may also be wondering if visible security personnel are now needed to provide deterrence. If so, is it smarter to use direct hires, contract officers, or off-duty police?” The LPM article highlights considerations in the choice of contract officers vs. direct hires.

Cannabis ISAO will continue to monitor the ongoing rise in dispensary robberies, as well as share the latest resources and best practices for preventing the crimes. Some of the other headlines related to this ongoing threat include:

Vermont Cannabis Control Board Warns of Scam

The Vermont Cannabis Control Board recently received notification of a scam targeting prospective participants in the adult-use cannabis marketplace. A caller reached out to a local business claiming to be from the Board and demanded cash as well as other information from the business, including photographs of their premises, in order to avoid further fines. According to the alert “The Board does not and will not demand money over the phone. The Board will never call, email, or text you to demand cash, assets, or personal information without giving you time to consider your options as part of a clearly established adjudicative process.”

In June, we reported on a similar scam that had been reported by the Colorado Marijuana Enforcement Division (MED). The June 7 memo alerted cannabis business owners that con artists haven’t disappeared, despite multiple warnings from the MED. This is the fourth memo the MED has sent the industry since last October, with 48 fraud attempts (20% successful) reported across the state during that span. “Suspects successfully deceived employees into delivering cash or providing prepaid purchase card numbers, defrauding businesses of tens of thousands of dollars,” the MED memo notes.

These scams can easily be replicated in any jurisdiction. These examples can be used as valuable case studies for employee training.

Natural Events

COVID Omicron Variant - What to Know

The more COVID-19 circulates, the more opportunities the virus has to change, and the more new mutations we can expect to see; Delta and Omicron are examples of that. Omicron is a variant of concern because it has dozens of mutations that can affect the way it behaves. Due to this mutation profile, it needs to be further investigated for its potential impacts. The most important thing people can do is to stop the virus at its source by completing their vaccine series as soon as possible and continuing to protect themselves with all other proven preventive measures. The World Health Organization (WHO) spoke to Dr Richard Pebody, who leads the High-threat Pathogen team and the Surveillance and Laboratory pillar of the COVID-19 Incident Support Management Team (IMST) at WHO/Europe to find out more about the variant, why it is of concern and what can be done to control it.

Dr. Pebody was specifically asked “As we are approaching the festive season, what do you recommend to people around the Region in view of this new variant?” Dr. Pebody responded that “Winter holidays are a time for family, community and renewal, and this is the second year that we are called to exercise high caution. Indoor gatherings, even smaller ones, can give the virus a ground to thrive. Gatherings and celebrations should be held outside if possible, and participants should wear masks and maintain physical distancing. If held indoors, limiting group size and ensuring good ventilation to reduce exposure risk are key. This can be done by opening a door or window when safe to do so. All preventive measures that work against the Delta variant continue to be effective against Omicron, based on data so far. Getting vaccinated with complete doses and taking all other preventive measures will minimize the risk of infection.” 

In the U.S., the Omicron variant has now been identified in multiple states. Just a day after the first known U.S. case was found in California, tests showed the Omicron variant had infected at least five people in the New York City metropolitan area, plus a man from Minnesota who had attended an anime convention in Manhattan in late November. Health officials in each state said there was no cause for undue alarm. But the spread of the cases, some involving people who hadn’t been away from home recently, meant the variant was likely already circulating domestically in some parts of the U.S.
