Ransomware Evolves, Security Tries to Keep Pace

A closer look at how this threat continues to grow, and how it impacted one of its latest victims: Jack Daniel's.

Eus261 Refuse Ransomware Image 1

Bloomberg recently reported that U.S. liquor giant Brown-Forman, the owner of Jack Daniel’s whiskey, had been victim to a ransomware attack. Unfortunately, Brown-Forman is not alone. The 2019 Official Annual Cybercrime Report by Cybersecurity Ventures states that another business falls victim to ransomware every 14 seconds. 

Ransomware is a type of malware that prevents users from accessing their system or files and demands ransom payment to regain access. According to Bloomberg, when Brown-Forman’s network was infiltrated, hackers stole more than one terabyte of data, including potentially sensitive data. The U.S. liquor corporation is just one of the victims of ransomware. 

For manufacturers, kidnapped data could be information obtained from operational technology like pumps, compressors and motors. Sounds relatively harmless, doesn’t it? But, even in the manufacturing realm, it could also be valuable customer data that is lost, leading to serious data breaches if released. Moreover, there is no guarantee that paying the ransom will result in victims  regaining access to their devices and data, which is why prevention remains the best strategy.

The Rise

The first ransomware attack dates to 1989. Thankfully, it failed due to a severe design flaw. The decryption key was extracted from the code of the trojan that delivered the attack, so victims didn’t need to pay any kind of ransom. However, this example set the stage for the more complex attacks we see today. 

Back in 2013, the CryptoLocker gang made ransomware a very profitable affair, and is believed the group extorted more than $3 million from their victims. The technique was simple: criminals targeted millions of victims in parallel, making the likelihood of success higher. Typically, these attacks targeted students, who would pay to get their dissertations back. 

Criminals soon realized they could maximize their profits by targeting entire networks — including large-scale organisations. Instead of attacking thousands of individual computers for a few hundred dollars each, they could target a single company for tens of thousands of dollars. 

While the lucrative nature of cyber-attacks against industries like banking and finance are obvious, the threat of ransomware isn’t spoken about as much in the manufacturing realm. That said, the risk is just as high. 

Like all other commercial sectors, manufacturers often hold personal data — including that of their customers and other businesses within their supply chain. That’s not to mention sensitive data related to product development. Not only is this confidential from an intellectual property (IP) perspective, but for sectors like food and beverage and pharmaceutical manufacturing, protecting this information is critical to protecting the health and safety of customers. 

Update, Update and Update Again

The complexity of today’s ransomware makes it nearly impossible to completely protect a business. However, there are steps manufacturers can take to minimize their attack surface. Remember, cyber security strategies cannot remain stagnant and must continue to adapt and improve over time. 

A good first step is backing up data on multiple platforms. While this doesn’t protect unauthorised access to confidential data, it can help manufactures to restore non-sensitive data, should it be compromised. That being said, there have been cases where hackers have encrypted not only the original data, but the network storage drives and cloud locations containing backups as well. To avoid this, plant managers should use multiple back-up solutions and make sure that at least one of them is offline at any given time. 

While it might seem obvious, choosing secure passwords and changing them regularly is also key to preventing ransomware. In fact, ’brute force’ attacks are the most common, accounting for 31 percent of total attacks. In brute force attacks, hackers try to access corporate networks by inputting as many passwords as possible, usually with the help of bots. 

Naturally, this hack is easier to achieve if the company uses common passwords and never updates them. 

The Human Factor

While most ransomware attacks use brute force, an infection can easily spread from spam and phishing emails. To avoid this, employees should be trained to recognize and report suspicious links that end up in their inboxes. 

Using content scanning and email filters adds an extra layer of protection. These tools help detect malicious links and delete or flag dangerous emails before staff might click on them. This is particularly important in the manufacturing realm, where enterprise and IT systems are not commonly used by production staff, and therefore best practice guidelines are not always implemented. 

Even in a traditional manufacturing facility, where most employees spend their time on the factory floor, it is vital that every worker understands cyber security protocols. A simple training session could be adequate to protecting the entire organisation’s data and avoiding a ransomware attack. 

To avoid the likelihood of becoming a ransomware attack victim, like Brown-Forman, manufacturers must protect their assets and ensure employees are trained effectively. Plant managers can seek expert advice on cybersecurity via EU Automation’s Knowledge Hub, which offers tips and tricks on ensuring businesses are protected against cyber threat.

 Claudia Jarrett is the U.S. country manager of automation parts supplier EU Automation.

More