Brown-Forman, the US spirits manufacturer and owner of well-known brands such as Jack Daniel's, was recently the victim of a ransomware attack. This puts the company in good company - according to the official annual cybercrime report, in 2019 a company falls victim to a ransomware attack every 14 seconds.
Bloomberg said hackers stole over
a terabyte of data when they breached
Brown-Forman's network, including files that were over a
decade old. But the American spirits manufacturer is only the latest
prominent victim of a ransomware attack. Nissan,
Renault, CE Niehoff, and even the UK NHS have been infiltrated in the past, with
disastrous financial consequences and reputational damage.
Ransomware is
malicious software that prevents users from accessing computer systems or
devices until a ransom is paid. Such malware finds and
encrypts valuable data and locks users out of their own operating system. In
return for the decryption code, payment of ransom is required, usually in the
form of bitcoins or other cryptocurrencies.
In the case of
manufacturers, the data held hostage may be information obtained from
operational technologies such as pumps, compressors, and motors. Or it can
be valuable customer data that, if disseminated, could lead to serious breaches
of data security. Also, there is no guarantee that after paying the
ransom, those affected will regain access to their devices and data, which is
why prevention is ultimately still the best strategy in this context.
A Brief Overview of The Evolution of Ransomware Attacks
The first
ransomware attack took place in 1989, but it was unsuccessful due to a serious
design flaw - the decryption code could be easily extracted from the code of
the attacking Trojan, so the victims did not have to pay a ransom. As
primitive as this attack might have been, it was the prelude and created the
conditions for much more sophisticated attacks.
In 2013, the criminal group behind "CryptoLocker" made extremely large profits
with this ransomware - it is believed that it extorted more than 3 million
dollars from its victims. At that time the technique was quite simple. The
criminals targeted millions of victims in parallel, from college students who
were expected to pay to get their thesis back to large corporations.
The criminals
later realized they could make even more money by targeting entire networks. Instead
of attacking thousands of individual computers and extorting just a few hundred
dollars each, they could make tens of thousands by attacking a single company.
There was also a
major strategic change. By stealing the data before encrypting it, the
criminals can now exert pressure by threatening to publish the data. Even
if the victims have backups of their data, the attackers can still do
significant damage by turning their ransomware attack into a publicly known
data security breach. Keep in mind that paying the ransom
in no way guarantees that the stolen data will actually be deleted - after all,
you're negotiating with criminals here.
Backup Copies and Updates
Due to the high
level of sophistication of today's ransomware attacks, it is not possible to
protect companies with one hundred percent certainty. However,
manufacturers can take measures to reduce their attack surface. One of the
most important measures is regular back-ups, i.e. backup copies of data on
multiple platforms.
There have been
cases in which hackers encrypted not only the original data, but also the
network storage drives and cloud storage locations where the corresponding backup
files were located. Plant managers should use multiple backup solutions
and ensure that at least one of them is always offline. They also have to
bear in mind that cloud systems with synchronization services such as Dropbox
or Google Drive may synchronize immediately after data is encrypted by malware, which makes
the backup in question completely useless.
It is equally
important to keep the company's antivirus software up
to date. Many antivirus programs today offer extensions that can
detect the encryption of files, and some programs automatically create copies
of the threatened files.
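The two points above (a synchronized backup faithfully copies files that malware has just encrypted, and encryption of files can be detected) combine into a pre-backup check, shown here as an added example that is not part of the original article. It assumes the protected directory normally holds low-entropy data such as CSV exports or logs; the thresholds, function names and sample files are constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, encrypted data sits close to 8.0
MAX_SUSPECT_RATIO = 0.5  # assumed policy: hold the backup if over half the files look encrypted

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(path: Path, sample_size: int = 65536) -> bool:
    """Flag a file whose leading bytes are statistically close to random."""
    with path.open("rb") as fh:
        sample = fh.read(sample_size)
    # Short samples give unreliable estimates, so tiny files are never flagged.
    return len(sample) >= 1024 and shannon_entropy(sample) >= ENTROPY_THRESHOLD

def safe_to_back_up(source_dir: Path) -> tuple[bool, list[str]]:
    """Return (ok, suspects); ok is False when too many files look encrypted."""
    files = sorted(p for p in source_dir.rglob("*") if p.is_file())
    suspects = [p.name for p in files if looks_encrypted(p)]
    ratio = len(suspects) / len(files) if files else 0.0
    return ratio <= MAX_SUSPECT_RATIO, suspects

def demo() -> tuple[tuple[bool, list[str]], tuple[bool, list[str]]]:
    """Run the check on constructed plant data before and after a simulated overwrite."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("pump_log.csv", "orders.csv", "motors.csv"):
            (root / name).write_bytes(b"timestamp,sensor,value\n" * 200)
        before = safe_to_back_up(root)
        # Random bytes stand in for ciphertext; no real encryption is performed.
        for name in ("pump_log.csv", "orders.csv"):
            (root / name).write_bytes(os.urandom(4600))
        after = safe_to_back_up(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as ZIP or JPEG also score near 8 bits per byte, so a directory that legitimately holds them needs a different signal, for example a sudden jump in the number of changed files since the last backup.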
While it may
seem obvious, choosing strong passwords and changing them regularly also plays
an important role in defending against and preventing ransomware attacks. Brute force attacks
are one of the most important vectors for infecting IT systems and account for
31 percent of all attacks. In brute force attacks, hackers try to gain
access to corporate networks by entering as many passwords as possible, usually
with the help of bots. If a company uses common passwords and never updates
them, success for the criminals is all the easier and faster.
The Human Factor
Brute force
attacks are used in the majority of all ransomware attacks, but an infection
can just as easily come from spam and phishing emails. Therefore,
employees should be trained to identify and report suspicious links in their
inbox. Content scanning and e-mail filters can also provide an additional
layer of defense. Such tools are there to detect malicious links and flag
or delete dangerous emails before employees can open or click on them.
While careless
employees may be the most common victims of cyberattacks, managers are arguably
the best target because they typically have access to sensitive information
that is ideal for blackmail. It is therefore important that senior
executives adhere to the same security policies that are enforced in the rest
of the organization.
Often, managers
have lower security standards than any other employee. For example, they
enjoy more freedom to use their own devices and to carry out activities
outside the company's own firewall. If
the CFO keeps sensitive data in a spreadsheet on a private computer instead of
securely storing it in the cloud, it increases the risk of a cyber attack.
Finally, it is
vital that organizations develop a disaster recovery plan that includes
responding to a ransomware attack. Such a plan should include, on the one
hand, the company's technical strategy, such as cleaning the company's own
equipment and reinstalling the data from backups, and, on the other hand, the
broader strategy for dealing with legal consequences and minimizing damage to
the company's reputation.
For example,
manufacturers should check with their insurance provider whether their insurance covers the costs associated with a ransomware attack. It can
also be useful to develop a solid PR strategy to explain the situation to
clients, investors, and the press if the worst comes to the worst.
While these
preventive measures cannot completely rule out ransomware attacks, they do
enable companies to react quickly and efficiently if they should fall victim to
such an attack.