Ransomware Attacks and You: It's Not if But When

Published: Apr 12 2023

Imagine a plant manager coming into work to discover that their most critical assets for production are inaccessible and the only way to gain control again is to pay a large amount of money to a stranger. The company can potentially lose millions of dollars in production because an entire line of production is shut down and held for ransom. That’s what manufacturing plants can face when they are the victim of a ransomware attack.

“Ransomware is malware that threatens to block access to the victim’s data and in most cases ability to operate their business unless a ransom is paid,” explains Kevin Romer, Network Engineer for CBT. “It is becoming an increasingly common method cybercriminals use to extort money from individuals and organizations alike.”

Manufacturers need to be vigilant as ransomware attacks against US manufacturing plants are on the rise, according to data from Dragos, a firm that specializes in cybersecurity for industrial systems. Manufacturing saw a 107% increase in cyberattacks in 2022 over 2021, and 2023 is continuing that negative trend.

A device or system held for ransom is usually the result of an end-user being deceived, Romer says.

“Most of the time a bad actor gains unauthorized access through users mistakenly clicking on emails, phishing attempts, and other social engineering attacks,” Romer explains.

Once inside, hackers often sit in the network for a period of time, sometimes as long as six months, before launching their attack, Romer explains.

“During this time, they get to know the system and the end customer, trying to learn and understand what is critical to the business so that they can encrypt to cripple companies and require them to pay a ransom, and additionally exfiltrate data,” Romer says.

Taking the Proper Steps to Defend Your Assets

First and foremost, it’s essential to implement a holistic approach to security, Romer stresses. This means adding a robust system of safeguards, such as educating employees and users about the importance of cybersecurity and regularly auditing systems for any unusual activity or unauthorized access. 

“Most ransomware attacks come through human error, so ensuring that employees are aware of the risks and trained to identify phishing scams and other social engineering tactics can go a long way in preventing attacks,” Romer explains.

Additionally, keeping software and systems up to date is critical. Many ransomware attacks exploit vulnerabilities in outdated software, so ensuring that software is patched and up to date is essential in protecting against attacks. Some insurance providers have begun offering discounts for those who take out policies for their digital holdings, Romer adds.

“One of the biggest issues manufacturers face is the machines they purchase are designed to run typically for 10 to 15, even 20 years,” Romer says. “But with that machine, there’s a significant amount of cost involved in updating that machine. And if you have a 24/7 operation, it’s functionally prohibitive to temporarily shut down your line, maintain a fully running system, and keep all the security updates. At the same time, not keeping your systems updated is a risk that may outweigh the profit or production you may yield on any given day.”

While ransomware may be focused on IT, the attacks threaten OT systems as well, and the guidance for handling the two issues is different.

“It’s important to acknowledge that threats surrounding OT systems are increasing, and they are growing more diverse,” says Ben Miller, Vice President of Services at Dragos. “Customized guidance being released by CISA/NSA is important as it recognizes that OT is different than IT, and we can’t just duplicate our security programs is important for critical infrastructure and any manufacturer to understand.”

Ransomware attacks are becoming increasingly common and pose a significant threat to individuals and organizations. A recent ransomware intrusion on a semiconductor firm cost the company $250 million to recover from, according to CPO Magazine. Recovery from a ransomware attack can potentially take weeks, Romer says. 

“I can’t stress how important it is to implement protection protocols on your most critical equipment,” Romer says.

Need an analysis of your cybersecurity measures? Contact one of our CBT Specialists. 
