fbpx
August 5, 2022
by Mary Grlic
aruba

Protecting The Manufacturing Industry Against Ransomware

By Mary Grlic Did you know that the manufacturing industry has become the #1 target for cyberattacks, according to an IBM report? Manufacturing is becoming a huge target for ransomware…...
"

Start reading

By Mary Grlic

Did you know that the manufacturing industry has become the #1 target for cyberattacks, according to an IBM report? Manufacturing is becoming a huge target for ransomware attacks. Increasing cybersecurity is becoming a huge priority for these organizations that are suffering from such threats. It is important for manufacturers to understand the risks of ransomware as well as how they can avoid any risks, threats, or attacks. 

What is Ransomware?

Ransomware is any malware (malicious software) that hackers use to lock data until it is paid off by a ransom fee. During a ransomware attack, a hacker may steal an organization’s data and encrypt files so that they cannot be accessed. By holding this data “ransom,” victims will need to pay a fee (typically in cryptocurrency) to get their data back. If they do not buy into this, an organization may run the risk of a data breach, information leak, or complete destruction or loss of corrupted data. 

Attacks can happen to any industry or organization. Ransomware is often spread when individuals click a link or access a malicious web site that is meant to deploy malware onto their device. Hackers commonly use a tactic known as phishing in which they disguise malicious links with legitimate or reputable titles in order to have users click on it and open up a virus on their device. In the case of ransomware, the software that spreads on the device will lock files with an encryption key. Now, they will be inaccessible to the user unless they have a decryption key. In this case, the user must pay the ransom fee to decode the files and regain access. 

Why is Manufacturing at Such High Risk?

Manufacturing is becoming a huge target of ransomware attacks. An NTT Global Threat Intelligence report from May 2021 revealed that attacks on the manufacturing industry increased by 300% in the previous year. But why is manufacturing experiencing such a huge increase in cyberattacks? There is a wide surface area (places within a system) where criminals can attack. Within a manufacturing industry, for example, there is a lot of specialized equipment that runs on software. Once a hacker has a hold of that, they can practically control anything, putting the company at a huge liability. Second, there are not many security workforces that protect manufacturing devices. The lack of cybersecurity puts them at a huge risk for ransomware. 

According to a SOPHOS 2021 study,  36% of manufacturing and production organizations were affected by ransomware. Unfortunately, nearly half of the data subjected to ransom was unrecoverable. The average ransom bill in the manufacturing industry, including downtime, data reacquisition, lost opportunities, and more, was $1.52 million (USD). These costs clearly created a financial and departmental burden for companies. 

Recent Manufacturing Ransomware Attacks

Acer Suffers Ransomware Attacks

Acer, a leading electronics manufacturer, was affected by a $50 million ransomware attack. The company was breached through some released images of files that a hacking group known as REvil stole. They exploited files like financial spreadsheets, banking balances, and banking communications. REvil was also responsible for a 2020 ransomware attack on a currency exchange company known as Travelex. REvil demanded that Acer give $50 million in ransom payments to retrieve encrypted data, marking the greatest ransom value of its time. 

Acer was hit with even more cyber attacks at the end of 2021, two attacks occurring during the same week. This time the Desorden Group claimed to be responsible for both cyber attacks to prove “that Acer is way behind in its cybersecurity effects on protecting its data and is a global network of vulnerable servers.” Acer immediately responded to the attack with safety protocols and a full system scan to notify all potentially affected customers. 

Quanta Manufacturing Company also Experiences REvil Attacks

Similar to Acer, the REvil group also demanded a $50 million random payment from Quanta, a computer manufacturer and one of Apple’s major business partners. Quanta refused to negotiate and pay the fees to REvil, so the ransom group chose to threaten Apple instead. They started to leak Apple data from Quanta, but soon after, seemed to call off the attack. 

DoppelPaymer Attack on Visser Precision Manufacturing

Visser Precision was involved in a cybersecurity incident during March 2020. Visser, based in Denver, Colorado is a leading parts manufacturer for Tesla and SpaceX. The company confirmed that they were a victim to a cybersecurity incident which included the unauthorized acquisition of data. The attack on the manufacturing company was likely caused by the DoppelPaymer ransomware, which is a new type of malware that exfiltrates company data. If the organization does not pay a ransom fee, this system threatens to publish all stolen and encrypted files. 

The DoppelPaymer ransomware published Visser’s stolen files onto a website, including information like customer names including Tesla and Lockheed Martin. Some of these files were even available to download. With such confidential files being exposed through the internet, it is clear just how dangerous a ransomware attack can be for manufacturing companies. 

Norsk Hydro Attacked by LockerGoga

In 2019, the Norwegian company Norsk Hydro experienced a ransomware attack by LockerGoga. The breach ultimately affected all 35,000 Norsk Hydro employees in 40 different countries. The breach seemed to be months in the making. When an employee unknowingly opened an infected email that was allegedly from a reliable source, it caused malware to deploy onto devices. This is a prime example of a phishing scam that had detrimental effects on the company. LockerGoga encrypted some of Norsk Hydro’s documents, PDFs, spreadsheets, slideshows, database files, video media, Java files, and Python files. 

After becoming aware of the ransomware attack, executives chose not to pay a ransom fee. Instead they would get assistance from Microsoft to help restore their system. Norsk Hydro was fully open about the security threat rather than hiding it, gaining a lot of accolades from experts in the security field.

Colonial Pipeline Breach

In late April, the Colonial Pipeline breach gained a lot of news coverage. DarkSide, a criminal hacking gang, was to blame for the ransomware attack that caused failure in the United States’ fuel services. This breach did not only impact private information, but it also directly affected most Americans who need gasoline. By hacking the pipeline, the DarkSide gang targeted the manufacturing firm’s billing system and internal business network. This caused gasoline shortages in some parts of the US. Residents of the US started to panic after hearing about the shortage, causing some chaos within the states. This breach was especially dangerous because it impacted more than just the company. The Colonial Pipeline paid $4.4 million (Bitcoin) as a ransom fee. US law enforcement luckily recovered a good amount of the payment. The FBI traced the source of the crypto payment but was still unable to find the actual hackers. 

How can Manufacturing Firms Prevent Ransomware?

With proper cybersecurity guidelines, manufacturing firms can take proactive measures to prevent a ransomware attack the best they can. Ransomware is a huge cybersecurity risk that can greatly affect a manufacturer’s process. Similar to other organizations, manufacturing companies can have a lot to lose and this can be harmful to customers, employees, and overall business operations. Here are some ways that manufacturing firms can protect against ransomware attack:

Replace or do not use older equipment. 

This is crucial especially for manufacturing firms because they often have outdated or older systems that are a part of their manufacturing processes. These systems may put your cybersecurity at risk and make you more vulnerable to cyberattacks.

Monitor devices and systems. 

By having a secure monitoring system, your organization can be sure that there will be no or limited harm done to your organization. As with other businesses, monitoring can ensure that you can be aware of and up to date with anything before the damage is done. 

Eliminate shared login credentials. 

Although these may seem easy for every person to remember, it can also put your company at risk. Once a hacker knows one credential, they will be able to access every system, since the same login credentials are shared. To avoid this sort of access, try to have unique logins for each person.

Follow safety guidelines.

Manufacturing organizations must comply with certain cybersecurity state and federal regulations to ensure maximum security of their information. Additionally, if they do not follow these safeguards, they could be putting their business at risk. NIST (National Institute of Standards and Technology) shares a few resources for manufacturing security compliance

0 Comments

aruba

Pick your next post

Why Every Organization Needs Managed IT Services

Why Every Organization Needs Managed IT Services

When your computer battery dies, how do you get it to work? If your internet connection fails, how will it get back up? If you need to access storage from a lost or damaged device, how do you find it? With so much of our organizations relying on technology, it is...

read more
How Many IP Addresses Are There?

How Many IP Addresses Are There?

An Internet Protocol address (IP) uniquely identifies each device connected to the Internet. Computers connected to the Internet share information with a particular location using IP addresses. An IP address has two distinct versions. The older of the two Internet...

read more
What is Remote Desktop Protocol (RDP)?

What is Remote Desktop Protocol (RDP)?

Remote Desktop Protocol (RDP) is a secure layered network communication protocol developed by Microsoft that enables network administrators to diagnose problems that users encounter remotely and provide users secure remote access to their physical work desktop...

read more
What is a Brute Force Attack?

What is a Brute Force Attack?

A brute force attack is a hacking method where it uses the trial and error method to crack passwords, login credentials, and encryption keys. It is a simple but effective and reliable method for gaining access to individual account and organization systems and...

read more