Manufacturing and Ransomware A Clear and Present Danger

In June 2020, Australian beverage manufacturer, Lion Australia, suffered two ransomware attacks, encrypting files and stopping their adult beverage and dairy products operations. It was confirmed that at least one attack used the REvil ransomware demanding US$800,000 to decrypt the data. Exfiltrated customer data was posted to incentivize Lion to pay.

A recent Intel Threat Report by Kivu has revealed that while the manufacturing sector made up only 18% of ransomware cases in 2019, the manufacturing industry surpasses all others in ransomware payments, shelling out over $6.9M to ransomware operators in 2019. According to Beazley Breach Response (BBR) Services, while there was a 25% overall increase in ransomware attacks across all industries in Q1 of this year over Q4 2019, the manufacturing sector experienced a 156% increase in ransomware attacks in Q1.

The manufacturing industry has found itself particularly vulnerable to ransomware in recent years, as the avenues for mischief, theft and destruction are multi-pronged and effects long-lasting. Most industries who experience ransomware attacks must mitigate the effects of loss of reputation, money and customer or client information. The manufacturing industry has the added bonus of being perfect for a more multi-faceted type of theft including the shut-down of production and elimination of necessary manufacturing codes which control factory machinery. In addition, many manufacturing plants operate using their own confidential processes and machinery - information valuable to other manufacturing companies. Finally, according to Kivu, downtime due to ransomware often costs 5-10 times the requested ransom amount - making it easier and cheaper to simply pay the ransom and pray for the best.

Ransomware like the “Ekans” (AKA Snake) strain used to attack Honda Motor Company in June 2020, targets systems that control machines and communication – shutting down production and creating an unsafe work environment. A “Maze” ransomware attack on ST Engineering encrypted all company data and stole customer and client contracts, information and spread laterally to cull details about government contracts with the global engineering design firm. The stolen information was then exposed and sold online.

The most commonly used ransomware in manufacturing attacks is the familiar, Ryuk, accounting for 67% of attacks. Ryuk uses encryption to block access to a system, device, or file until a ransom is paid, usually demanding a 15-50 Bitcoins payment for decryption of files. The US Coast Guard said of a Ryuk attack that they suffered in 2019, “The impacts to the facility included a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems". The Coast Guard was not alone, with at least 5 other oil and gas organizations hit by the same Ryuk ransomware simultaneously. According to a recent report, Ryuk famously charges 10 times the average ransom for release of data - accounting for the 62% of ransoms paid by the manufacturing industry.

Why Sangfor?

It seems attacks are almost inevitable as hackers take advantage of a more remote working population. Taking a proactive approach to network security is vital to the future of your organization. Seeking the help of a threat identification, analysis and risk assessment service like Sangfor’s TIARA is the first step toward forward-facing protection. TIARA is a turnkey service constructed to help enterprise quickly gain a broad spectrum understanding of their current threat posture. TIARA Assessment is a preliminary lightweight security posture assessment service, designed to help customers determine the current threat posture of their entire network in a short period of time, while TIARA Recommendations provide improvement plans and remediation assistance to take the overall security posture to the next level.

Recovery from a ransomware attack can be a long and difficult road to walk, all the more clear if you read How a Manufacturing Firm Recovered from a Devastating Ransomware Attack written by Kelly Higgins for darkreading.com. Shock, confusion and a mad scramble to save what they could, followed the discovery of the Ryuk attack which targeted the most critical systems of C.E. Niehoff & Co. in 2019. All told, C.E. Niehoff took over 2 weeks to get everything running correctly after the attack - at significant cost to the company. This could be you - or you could plan for every eventuality by contacting Sangfor today.

Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and valuable.