
Manufacturing most vulnerable to ransomware attacks

29 October 2021

MANUFACTURING COMPANIES are among the most likely targets of ransomware attacks, second only to the construction sector, according to research by a cybersecurity firm. And UK companies are particularly vulnerable.

Research by encrypted cloud service provider NordLocker has revealed that manufacturing comes a close second to construction as the sector most likely to be targeted by ransomware gangs.

Ransomware is a type of malicious software that is capable of causing harm: blocking system access, distributing confidential data from the network or erasing crucial data. Ransomware is distributed by covert installation into its victims’ systems, through email attachments that look like legitimate files, or by enticing users to click links to insecure websites. Once installed, the ransomware gangs contact the victims and literally hold them to ransom – demanding payment on threat of enacting the malicious software’s purpose, whether that be file deletion or distribution of confidential information.

NordLocker’s study shows the business sectors that have faced the most ransomware attacks in 2020 and 2021. After a thorough analysis of 1,200 companies hit by 10 infamous ransomware gangs, 35 of the most victimised industries were identified.

“The latest statistics indicate that a worrying 37% of companies worldwide became victims of ransomware in 2020,” says Oliver Noble, a cybersecurity expert at NordLocker. “From Campari Group in the food & beverage industry to Baltimore County public schools in the education sector, both of which became victims of ransomware last year, no business or institution can feel safe. Our analysis presents the scope of recent ransomware hacks as well as indicating which industries need to stay particularly cautious.” 

NordLocker’s analysis reveals that construction is the top industry hit by ransomware (93 victimised companies), followed by manufacturing (86), finance (69 ransomware cases), healthcare (65), education (63), technology and IT (62), logistics and transportation (59), automotive (56), municipal services (52), and legal (49).

Among the 86 manufacturing firms hit by ransomware in 2020-21 were a leading manufacturer and distributor of musical instruments, one of Europe's largest wire and cable producers, and a custom envelope manufacturer that produces nearly three billion envelopes each year. NordLocker has chosen not to disclose specific company names, for privacy reasons.

Among hacked companies discovered by NordLocker’s research, there were large organisations – such as a global hotel chain, an automotive conglomerate, and an international clothing brand – but also small family-owned businesses like an Italian restaurant and a local dental clinic.

“It is surprising how many companies still take cybersecurity for granted, ‘inviting’ hackers to exploit their vulnerabilities,” said Noble. “When successfully attacked, companies get all their employee data, customer details, client agreements, patents, and other valuable business information inaccessible and threatened to be stolen, leaked, or destroyed for good. To avoid the doomsday [scenario] – having business operations put to a standstill, damaged reputation, loss of clients, tiresome legal battles, and huge fines, some organisations are left with no choice but to pay a ransom to get the decryption key.”

However, many businesses cannot afford the ransom demands. It is estimated that the average total cost of recovery from ransomware has more than doubled from around $761,000 in 2020 to $1.85M in 2021. Worryingly, paying a ransom does not guarantee that a business will get back what’s been taken away. There is also no guarantee a business won’t get attacked again.

The analysis has found that the five countries with the most ransomware attacks are the US (732 cases), UK (74), Canada (62), France (58) and Germany (39). According to Noble, most ransomware gangs come from the former Soviet states, which still maintain hostility towards the US and seek to cause harm to both its private and public sectors. Also, a strong belief that American companies are all wealthy might contribute to the reason they get attacked most.

“Internationally operating law enforcement groups work hard to shut ransomware infrastructure down,” says Oliver Noble. “Just last week it was reported that a joint operation put REvil’s servers offline. However, the Russian ‘ransomware-as-a-service’ gang is expected to re-emerge. Ransomware is no longer the preserve of skilled hackers. Any paying user, known as an ‘affiliate’, with little technical knowledge, can use the subscription-based model to employ already-developed tools to execute ransomware attacks against businesses.”

Although ransomware attacks are evolving, Noble suggests some easy-to-implement cybersecurity tactics to defend your business:

• Make sure your employees use strong and unique passwords to connect to your systems. Better yet, implement multi-factor authentication.
• Secure your email by training staff to identify signs of phishing, particularly when an email contains attachments and links.
• Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this.
• Adopt zero-trust network access, meaning that every access request to digital resources by a member of staff should be granted only after their identity has been appropriately verified.

https://www.nordlocker.com

 