Rapid technological advancements in the manufacturing industry have allowed companies to supercharge their production lines, reduce unplanned downtime and manage their IT assets with increasing precision.

The ongoing automation boom (widely referred to as Industry 4.0 or SMART manufacturing) has only accelerated this transformation, helping manufacturers consolidate their legacy systems and analog processes into one intelligent, centralized IT management framework. The push toward modernization positively impacts the industry and comes with more than a few risks.

Like most commercial industries, manufacturers of all sizes have had to invest in a range of cybersecurity software, tools, and services to protect their production equipment and data from digital exploitation. One 2018 study from Gartner estimated that global spending on information security would exceed $124 billion by the end of 2019, in part due to the growing number of high-profile data breaches.

Manufacturers invest in a host of defensive capabilities to help mitigate these and other cybercrime types, from identity and access management to data loss prevention. But there are some threats that automated cybersecurity systems cannot completely negate, such as ransomware attacks. To get a clearer picture of how ransomware infections can impact manufacturing operations, let’s dive a bit deeper into the details.

A Brief Overview of Ransomware

Ransomware is a specialized form of malware that infects computers and data stores, encrypts important files, and locks down computer terminals until a ransom is paid, according to the U.S. Department of Homeland Security. While many different types of ransomware are circulating the web, nearly all can quickly spread across connected systems, shared storage drives, and private networks.

Once the ransomware has identified critical drives on an infected computer, the malicious code starts encrypting every file it can access. Users are locked out of their devices until the ransom is paid or the malware is wiped from the data stores.

Research from the cybersecurity firm Coveware found that the average amount spent per ransomware incident in the first quarter of 2019 stood around $12,762, nearly double the average from the end of 2018, ZDNet reported.

Law enforcement agencies like the DHS and FBI advise against paying the ransom. It only encourages cybercriminals to continue developing new ransomware families with enhanced capabilities. In terms of specific ransomware variants, anti-virus developer Malwarebytes sorts strains into three categories based on severity:

  • Scareware: The least severe type of ransomware, scareware is often relatively easy to detect and remove. This form of ransomware infection typically creates persistent pop-up messages that claim malware was discovered on a user’s computer and that a “support fee” must be paid to remove it. These tech support scams often target less tech-savvy users and rarely have a lasting impact on files and data stores.
  • Screen lockers: Unlike scareware, this mid-tier category of ransomware can completely freeze users out of their workstations, even after a restart is been performed. Once infected, a computer terminal will permanently display a locked window until the ransom is paid, preventing users from accessing files and performing basic administrative tasks.  While screen lockers can be highly disruptive in the short term, you can usually clear them without fear of data loss.
  • Encrypting ransomware: This form of ransomware is undoubtedly the most severe. It can be impossible to fully restore the encrypted data without paying the ransom, even with advanced cybersecurity software. However, giving in to cybercriminals’ demands is no guarantee that the hijacked data and files will be usable. Recovering from this type of ransomware infection often requires a complete wipe of all drives and a complete reinstallation from safe backups.

According to Kaspersky Lab’s research, the total number of users who encountered ransomware decreased by almost 30% between 2017 and 2018. Manufacturers have seen a notable uptick in cyber attacks over the past year. A recent study by Deloitte discovered that close to 40% of manufacturing companies encountered at least one cyber attack between 2018 and 2019, suggesting a real need for continued improvement. But how can manufacturers protect their data and workstations from ransomware before and after an attack has occurred?

Fishing hook baited with an empty username and password screen.Phishing emails remain the most common form of ransomware delivery for individuals and businesses.

Ransomware Protection and Response

Generally speaking, manufacturing firms are highly susceptible to ransomware due to the large volume of mission-critical production data involved in their day-to-day operations. A single encrypting ransomware attack can lockdown everything from production schedules and work orders to component schematics and more.

Manufacturing environments that heavily rely on automation and internet of things technologies, in particular, can suffer significant outages and prolonged downtime. Simultaneously, the ransomware is being removed, leading to costly operational delays and missed business opportunities. That’s where ransomware protection can help, but only if the right cybersecurity tools and IT policies are in place.

“40% of manufacturing companies encountered at least one cyber attack between 2018 and 2019.”

First, it’s important to note that the vast majority of ransomware attacks are orchestrated through phishing emails or drive-by downloads, according to the DHS. Generally speaking, end users are the most vulnerable access point that cybercriminals can exploit. That is why cybersecurity training and IT governance policies are crucial to any ransomware protection plan. While there are plenty of anti-ransomware applications on the market, few can decrypt all the different ransomware families, making prevention the most effective approach. To that end, a robust anti-ransomware training program should teach employees how to spot phishing emails and cover the dos and don’ts of on-the-job internet use.

Vulnerability assessment is another critical practice in ransomware protection, as new delivery methods are constantly under development. Cybercriminals favor ransomware because it offers an immediate return on their activities, instead of identity theft which typically requires a buyer. However, in both scenarios, hackers capitalize on the sensitive nature of an organization’s data, which makes proactive backup operations essential to long-term security. Backing up business-critical systems and files to an offsite location can significantly reduce the leverage ransomware attackers have while also ensuring IT administrators can restore essential data stores without paying the ransom.

Even under the most favorable conditions, ransomware attacks can still penetrate a manufacturer’s network perimeter due to user error, poor controls, and negligence. In these scenarios, it’s crucial to contact law enforcement as soon as possible and resist the urge to pay the attacker.

If you cannot remove the malware or ransomware, the next best option is to completely wipe all drives and data stores and reinstall from clean backups. Keep in mind; some ransomware variants seek to infect your backups to render them useless. This point of leverage means a simple re-imaging of systems followed by backup restores may not be enough to recover your operation.

If your organization wants to improve its security posture and prevent costly ransomware attacks, reach out today.

As a proud supporter of American companies, Certitude Security® is working diligently to inform leaders and facilitate essential asset protection priorities for manufacturers and supply chains throughout the United States.

Problem discussions can be a defining moment in your career. If you are interested in value creation, learn about SPOT-Beam™ by Certitude Security®. We look forward to helping you and your business succeed!