By Mary Grlic
Did you know that the manufacturing industry has become the #1 target for cyberattacks, according to an IBM report? Manufacturing is becoming a huge target for ransomware attacks. Increasing cybersecurity is becoming a huge priority for these organizations that are suffering from such threats. It is important for manufacturers to understand the risks of ransomware as well as how they can avoid any risks, threats, or attacks.
What is Ransomware?
Ransomware is any malware (malicious software) that hackers use to lock data until it is paid off by a ransom fee. During a ransomware attack, a hacker may steal an organization’s data and encrypt files so that they cannot be accessed. By holding this data “ransom,” victims will need to pay a fee (typically in cryptocurrency) to get their data back. If they do not buy into this, an organization may run the risk of a data breach, information leak, or complete destruction or loss of corrupted data.
Attacks can happen to any industry or organization. Ransomware is often spread when individuals click a link or access a malicious web site that is meant to deploy malware onto their device. Hackers commonly use a tactic known as phishing in which they disguise malicious links with legitimate or reputable titles in order to have users click on it and open up a virus on their device. In the case of ransomware, the software that spreads on the device will lock files with an encryption key. Now, they will be inaccessible to the user unless they have a decryption key. In this case, the user must pay the ransom fee to decode the files and regain access.
Why is Manufacturing at Such High Risk?
Manufacturing is becoming a huge target of ransomware attacks. An NTT Global Threat Intelligence report from May 2021 revealed that attacks on the manufacturing industry increased by 300% in the previous year. But why is manufacturing experiencing such a huge increase in cyberattacks? There is a wide surface area (places within a system) where criminals can attack. Within a manufacturing industry, for example, there is a lot of specialized equipment that runs on software. Once a hacker has a hold of that, they can practically control anything, putting the company at a huge liability. Second, there are not many security workforces that protect manufacturing devices. The lack of cybersecurity puts them at a huge risk for ransomware.
According to a SOPHOS 2021 study, 36% of manufacturing and production organizations were affected by ransomware. Unfortunately, nearly half of the data subjected to ransom was unrecoverable. The average ransom bill in the manufacturing industry, including downtime, data reacquisition, lost opportunities, and more, was $1.52 million (USD). These costs clearly created a financial and departmental burden for companies.
Recent Manufacturing Ransomware Attacks
Acer Suffers Ransomware Attacks
Acer, a leading electronics manufacturer, was affected by a $50 million ransomware attack. The company was breached through some released images of files that a hacking group known as REvil stole. They exploited files like financial spreadsheets, banking balances, and banking communications. REvil was also responsible for a 2020 ransomware attack on a currency exchange company known as Travelex. REvil demanded that Acer give $50 million in ransom payments to retrieve encrypted data, marking the greatest ransom value of its time.
Acer was hit with even more cyber attacks at the end of 2021, two attacks occurring during the same week. This time the Desorden Group claimed to be responsible for both cyber attacks to prove “that Acer is way behind in its cybersecurity effects on protecting its data and is a global network of vulnerable servers.” Acer immediately responded to the attack with safety protocols and a full system scan to notify all potentially affected customers.
Quanta Manufacturing Company also Experiences REvil Attacks
Similar to Acer, the REvil group also demanded a $50 million random payment from Quanta, a computer manufacturer and one of Apple’s major business partners. Quanta refused to negotiate and pay the fees to REvil, so the ransom group chose to threaten Apple instead. They started to leak Apple data from Quanta, but soon after, seemed to call off the attack.
DoppelPaymer Attack on Visser Precision Manufacturing
Visser Precision was involved in a cybersecurity incident during March 2020. Visser, based in Denver, Colorado is a leading parts manufacturer for Tesla and SpaceX. The company confirmed that they were a victim to a cybersecurity incident which included the unauthorized acquisition of data. The attack on the manufacturing company was likely caused by the DoppelPaymer ransomware, which is a new type of malware that exfiltrates company data. If the organization does not pay a ransom fee, this system threatens to publish all stolen and encrypted files.
The DoppelPaymer ransomware published Visser’s stolen files onto a website, including information like customer names including Tesla and Lockheed Martin. Some of these files were even available to download. With such confidential files being exposed through the internet, it is clear just how dangerous a ransomware attack can be for manufacturing companies.
Norsk Hydro Attacked by LockerGoga
In 2019, the Norwegian company Norsk Hydro experienced a ransomware attack by LockerGoga. The breach ultimately affected all 35,000 Norsk Hydro employees in 40 different countries. The breach seemed to be months in the making. When an employee unknowingly opened an infected email that was allegedly from a reliable source, it caused malware to deploy onto devices. This is a prime example of a phishing scam that had detrimental effects on the company. LockerGoga encrypted some of Norsk Hydro’s documents, PDFs, spreadsheets, slideshows, database files, video media, Java files, and Python files.
After becoming aware of the ransomware attack, executives chose not to pay a ransom fee. Instead they would get assistance from Microsoft to help restore their system. Norsk Hydro was fully open about the security threat rather than hiding it, gaining a lot of accolades from experts in the security field.
Colonial Pipeline Breach
In late April, the Colonial Pipeline breach gained a lot of news coverage. DarkSide, a criminal hacking gang, was to blame for the ransomware attack that caused failure in the United States’ fuel services. This breach did not only impact private information, but it also directly affected most Americans who need gasoline. By hacking the pipeline, the DarkSide gang targeted the manufacturing firm’s billing system and internal business network. This caused gasoline shortages in some parts of the US. Residents of the US started to panic after hearing about the shortage, causing some chaos within the states. This breach was especially dangerous because it impacted more than just the company. The Colonial Pipeline paid $4.4 million (Bitcoin) as a ransom fee. US law enforcement luckily recovered a good amount of the payment. The FBI traced the source of the crypto payment but was still unable to find the actual hackers.
How can Manufacturing Firms Prevent Ransomware?
With proper cybersecurity guidelines, manufacturing firms can take proactive measures to prevent a ransomware attack the best they can. Ransomware is a huge cybersecurity risk that can greatly affect a manufacturer’s process. Similar to other organizations, manufacturing companies can have a lot to lose and this can be harmful to customers, employees, and overall business operations. Here are some ways that manufacturing firms can protect against ransomware attack:
Replace or do not use older equipment.
This is crucial especially for manufacturing firms because they often have outdated or older systems that are a part of their manufacturing processes. These systems may put your cybersecurity at risk and make you more vulnerable to cyberattacks.
Monitor devices and systems.
By having a secure monitoring system, your organization can be sure that there will be no or limited harm done to your organization. As with other businesses, monitoring can ensure that you can be aware of and up to date with anything before the damage is done.
Eliminate shared login credentials.
Although these may seem easy for every person to remember, it can also put your company at risk. Once a hacker knows one credential, they will be able to access every system, since the same login credentials are shared. To avoid this sort of access, try to have unique logins for each person.
Follow safety guidelines.
Manufacturing organizations must comply with certain cybersecurity state and federal regulations to ensure maximum security of their information. Additionally, if they do not follow these safeguards, they could be putting their business at risk. NIST (National Institute of Standards and Technology) shares a few resources for manufacturing security compliance.