Leaking data: the worrying new trend in ransomware
Until now, typically the worst threat that manufacturers faced from ransomware was the inconvenience of downtime and lost production while the company worked to get its systems back online using backups. Cyber-attackers played a numbers game, relying on a small number of victims to pay the ransom. However, a new trend sees attackers leak sensitive data if victims don’t pay. Here Neil Ballinger, Head of EMEA sales at EU Automation, explains the worrying new trend in ransomware.
On New Year’s Eve, in December 2019, currency exchange company Travelex fell prey to a ransomware attack. A cyber gang known as REvil claimed to have access to the company’s computer network along with 5GB of sensitive customer data, including date of birth, credit card information and insurance numbers. The gang promised to delete the data on payment of the £4.6m ransom or sell it if payment wasn’t made in seven days. While this example is limited to the retail sector, this act of doxing — or leaking information online — could prove to be just as damaging for manufacturers.
A threat to ransomware protection
In perhaps one of the costliest ransomware attacks to hit the manufacturing sector, in March 2019 Norwegian aluminium maker Norsk Hydro was hit with a type of malware called LockerGoga. The malware changed passwords and locked victims out of the infected systems in 170 of its sites around the world. The company estimates losses in excess of £45m while it scrambled to restore its production systems using backups.
Losing information on one’s production or customers costs valuable hours of work for staff to re-collect, not to speak of the sales, trust and work-hours that are lost to downtime. Appropriately, existing measures to minimise ransomware damage often tackle these threats by having online or physical backups of sensitive information and isolating the infection before it reaches mission-critical systems. While this might be enough to minimise the damage on the manufacturing side, it does not account for the potential damage hackers could do by leaking the data.
Leaks can result in, at best, lost trust from existing or potential customers and, at worst, in a violation of customers’ data rights. The Information Commissioner’s Office (ICO) could determine that information was leaked due to negligence or failure to make the relevant bodies aware in time. Ransomware victims could be fined up to four per cent of their annual global turnover under the General Data Protection Regulation (GDPR).
You can’t leak what you can’t read
To protect their clients’ information from this new type of ransomware, manufacturers should encrypt all sensitive data that is stored on their system. This will not prevent attackers from adding a further layer of encryption on your data, but it will make leaks valueless.
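Encrypting stored data only helps if nothing sensitive is left behind in readable form. As an added illustration (not from the original article), the Python sketch below audits stored records for values that would still be readable if leaked: card numbers, confirmed with the Luhn checksum, and dates of birth. The record layout, field names, date formats and sample values are constructed assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Dates of birth as YYYY-MM-DD or DD/MM/YYYY (assumed storage formats).
DOB_RE = re.compile(r"\b(?:\d{4}-\d{2}-\d{2}|\d{2}/\d{2}/\d{4})\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_plaintext(records):
    """Return sorted (record_id, field, kind) for values readable without a key."""
    findings = set()
    for rec_id, fields in records.items():
        for name, value in fields.items():
            for m in CARD_RE.finditer(value):
                # Luhn filters out order numbers and other long digit runs.
                if luhn_valid(re.sub(r"\D", "", m.group())):
                    findings.add((rec_id, name, "card_number"))
            if DOB_RE.search(value):
                findings.add((rec_id, name, "date_of_birth"))
    return sorted(findings)


# Constructed sample data. 4111 1111 1111 1111 is a widely used test card number;
# the cust-002 values are made-up stand-ins for ciphertext, not real encrypted output.
SAMPLE = {
    "cust-001": {"card": "4111 1111 1111 1111", "dob": "1984-03-12"},
    "cust-002": {"card": "gAAAAABl3kQ9c2FtcGxlLWNpcGhlcg==", "dob": "gAAAAABl3kQ9ZG9iLWNpcGg="},
    "cust-003": {"notes": "order ref 1234567890123456", "dob": "12/03/1984"},
}

if __name__ == "__main__":
    for finding in find_plaintext(SAMPLE):
        print(finding)
```

Fields that are already encrypted produce no findings, so the output is the list of what still needs protecting before a leak would be valueless.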
Minimising downtime will still be possible by having regular backups of mission-critical files. When copies of important files are available offline, ransomware is less likely to interrupt the functioning of your production line. Safe network architecture is also necessary to protect both manufacturers and their clients. Providing air gaps between backups, critical systems and external networks will minimise the damage malware can do once it infects a business’ network.
Adopting a structural approach to network safety also requires a corporate culture to match. Regular security updates and patches matched with backups and air gaps will protect your business’ legacy hardware from attackers. Cybersecurity strategies do not require manufacturers to abandon their current machinery, but simply to organise it effectively.