It's nothing personal; cyber criminals just want your money

Posted by Gemma Sirett on December 3, 2019

Disruptive ransomware attacks on manufacturing businesses regularly make headlines. You’ve seen the stories – multinational manufacturing companies are locked out of their IT systems, with attackers demanding untraceable Bitcoin payments in exchange for decryption software to release the files.

Manufacturers are a low effort, high reward target for cyber criminals, and it’s no coincidence that the sector is heavily targeted by ransomware attacks.

Keeping the cogs turning

Updates to production systems can mean costly downtime – when operations aren’t running, nothing is being produced, so the manufacturer can easily fall behind demand. This in turn damages their reputation and has a knock-on impact on the supply chain and infrastructure that rely on continued production. Keeping production going is therefore prioritised over keeping systems up-to-date, which leaves manufacturers vulnerable to compromise through unpatched vulnerabilities.

This production-dependent mindset is a weakness in itself. Threat actors know that manufacturers are more likely to pay a ransom, to minimise downtime and get their operations back up and running ASAP.

Why ransomware?

Manufacturers are specifically targeted for their IP and supply chain connections to top secret contracts, through sophisticated and stealthy social engineering attacks. But ransomware is the weapon of choice for more opportunistic cyber criminals, looking for an easy payday. Why bother going to the effort of researching and crafting a clever attack when you can just hold their systems ransom until they pay up?

With WannaCry and NotPetya now household names, ransomware attacks show no signs of slowing down or fading into memory (pun intended). In fact, the UK experienced a 195% increase in ransomware attacks in the first half of 2019[1]. Unpatched system weaknesses make manufacturers particularly vulnerable to indiscriminate drive-by ransomware attacks. Cyber criminals aren’t too fussed who the victims are, as long as they get their money – manufacturers just make it easy for them.

Would you pay?

Despite abundant available guidance to the contrary, businesses are still paying ransoms to threat actors in the hopes of regaining access to their systems and files, often in secret to avoid reputational damage. Europol, the EU’s law enforcement agency, has condemned this worrying trend by warning that paying a ransom only makes the cyber threat landscape worse.

“Companies need to understand that if you continue to pay a ransom, it perpetuates the crime. It encourages the criminals to commit further crimes. If you pay, you’re fuelling organised crime on a global basis.”
Steven Wilson, Europol’s Head of the European Cybercrime Centre[2]

When Norsk Hydro, a global aluminium producer, was hit by LockerGoga ransomware back in March, their entire global workforce of 35,000 employees had to resort to pen and paper, as well as manual tasks that had long ago been replaced by computers and machinery[2]. But they refused to pay the ransom, and were commendably transparent and honest with their customers, supply chain, and the press about the attack. The manufacturer’s Chief Information Officer, Jo De Vliegher, agrees with Europol that “in general, it’s a very bad idea to pay. It fuels an industry and it’s probably financing other sorts of crime”[2]. Norsk Hydro’s backup regime restored access to their data once the malware had been cleared from their systems, all without paying the attackers a penny.

Three ways to protect your systems against ransomware

  1. Assess your company’s risk appetite – how prepared are you for your systems to be unavailable? Could you continue production? The cyber attacks against manufacturers that make headlines are almost exclusively ransomware attacks. Take steps to ensure your company isn’t the next to make the front page.
  2. Implement a robust patch management plan to ensure your systems are always up-to-date. Attackers will be on the lookout for readily exploitable vulnerabilities – don’t make it easy for them.
  3. Look out for suspicious and malicious activity lurking in your systems. Proactive threat hunting enables you to identify and remove attacks before they cause damage to your IT estate and company’s reputation.

Find out more about how CORVID can benefit the manufacturing sector.

Footnotes
  1. IT Pro
  2. BBC News