It's nothing personal; cyber criminals just want your money

Posted by Gemma Sirett on December 3, 2019

Disruptive ransomware attacks on manufacturing businesses regularly make headlines. You’ve seen the stories – multinational manufacturing companies are locked out of their IT systems, with attackers demanding untraceable Bitcoin payments in exchange for decryption software to release the files.

Manufacturers are a low effort, high reward target for cyber criminals, and it’s no coincidence that the sector is heavily targeted by ransomware attacks.

Keeping the cogs turning

Updates to production systems can mean costly downtime – when operations aren’t running, nothing is being produced, so the manufacturer can easily fall behind demand. This in turn damages their reputation and has a knock-on impact to the supply chain and infrastructure that relies on continued production. Keeping production going is therefore prioritised over keeping systems up-to-date, which leaves manufacturers vulnerable to compromise through unpatched vulnerabilities.

This production-dependent mindset is a weakness in itself. Threat actors know that manufacturers are more likely to pay a ransom, to minimise downtime and get their operations back up and running ASAP.

Why ransomware?

Manufacturers are specifically targeted for their IP and supply chain connections to top secret contracts, through sophisticated and stealthy social engineering attacks. But ransomware is the weapon of choice for more opportunistic cyber criminals, looking for an easy payday. Why bother going to the effort of researching and crafting a clever attack when you can just hold their systems ransom until they pay up?

With WannaCry and NotPetya now household names, ransomware attacks show no signs of slowing down or fading into memory (pun intended). In fact, the UK experienced a 195% increase in ransomware attacks in the first half of 2019[1]. Unpatched system weaknesses make manufacturers particularly vulnerable to indiscriminate drive-by ransomware attacks. Cyber criminals aren’t too fussed who the victims are, as long as they get their money – manufacturers just make it easy for them.

Would you pay?

Despite abundant available guidance to the contrary, businesses are still paying ransoms to threat actors in the hopes of regaining access to their systems and files, often in secret to avoid reputational damage. Europol, the EU’s law enforcement agency, has condemned this worrying trend by warning that paying a ransom only makes the cyber threat landscape worse.

“Companies need to understand that if you continue to pay a ransom, it perpetuates the crime. It encourages the criminals to commit further crimes. If you pay, you’re fuelling organised crime on a global basis”
Steven Wilson, Europol’s Head of the European Cybercrime Centre[2]

When Norsk Hydro, a global aluminium producer, was hit by LockerGoga ransomware back in March, their entire global workforce of 35,000 employees had to resort to pen and paper, as well as manual tasks that had long ago been replaced by computers and machinery[2]. But they refused to pay the ransom, and were commendably transparent and honest with their customers, supply chain, and the press about the attack. The manufacturer’s Chief Information Officer, Jo De Vliegher, agrees with Europol that “in general, it’s a very bad idea to pay. It fuels an industry and it’s probably financing other sorts of crime”[2]. Norsk Hydro’s backup regime restored access to their data once the malware had been cleared from their systems, all without paying the attackers a penny.

Three ways to protect your systems against ransomware

  1. Assess your company’s risk appetite – how prepared are you for your systems to be unavailable? Could you continue production? The cyber attacks against manufacturers that make headlines are almost exclusively ransomware attacks. Take steps to ensure your company isn’t the next to make the front page.
  2. Implement a robust patch management plan to ensure your systems are always up-to-date. Attackers will be on the lookout for readily exploitable vulnerabilities – don’t make it easy for them.
  3. Look out for suspicious and malicious activity lurking in your systems. Proactive threat hunting enables you to identify and remove attacks before they cause damage to your IT estate and company’s reputation.

Download our free articleFive boring but really important security mistakes you need to stop making

Cyber security can be dull, but ignoring it won't make the problem go away. Turning a blind eye to your cyber defences leaves your business vulnerable to state-sponsored and ransomware attacks.

Download our free PDF guide to find out the top five critical security mistakes your manufacturing business is making, and what preventative measures can be put in place to solve them.

Download now

Find out more about how CORVID can benefit the manufacturing sector.

Footnotes
  1. IT Pro
  2. BBC News

More CORVID blog posts

Three ways your website is making it easy for attackers

Cyber attackers are quietly appreciative of businesses across all sectors for making their job easier. With all the information they need to craft their attack laid out neatly in ...

Rockin' around the cyber security contract

Aside from the usual “strict diet and fitness regime starts on 1 January” resolution that everyone makes and forgets by February, now is the perfect time to take stock of your ...

It's nothing personal; cyber criminals just want your money

Disruptive ransomware attacks on manufacturing businesses regularly make headlines. You’ve seen the stories – multinational manufacturing companies are locked out of their IT systems, ...

Most popular posts

1. Law firms and cyber crime; the growing threat to the UK legal sector

2. Why cyber criminals target the manufacturing industry

3. Want an easy way to save yourself £35k? Delete emails from your CEO

4. How to effectively manage, detect and respond to a data breach

5. Four questions you need to answer after a cyber attack

View all blog posts

CORVID - Intelligent Cyber Defence

+44(0)1242 651251 | Arle Court, Hatherley Lane, Cheltenham, GL51 6PN

We’re an experienced team of cyber security experts, developers and analysts based in Cheltenham, UK, who are passionate about delivering innovative, robust and extensive cyber defence solutions and services to help protect businesses against cyber threats.

Get in touch

Copyright © 2020 CORVID | Privacy Policy | Cookie Policy
Visit the CORVID LinkedIn pageVisit the CORVID Twitter pageView the CORVID YouTube channel