In my blog on Ransomware, I described what ransomware is, and what the attackers do to the victims. In short, ransomware is an organized criminal activity not much different from a protection racket. It is basically a way to extort money from businesses that are unfortunate enough to get caught.
If you are concerned about ransomware attacks in manufacturing there are some simple things you can do to help mitigate the impact if attacked, and maybe prevent it from happening in the first place.
6 Simple Ways to Avoid Ransomware Attacks in Manufacturing
Ransomware attacks on manufacturing companies have been on the rise since before the pandemic. Ransomware attacks can cripple a business’s operations and cause severe financial and reputational damage. IBM’s 2022 report stated that the average cost of a breach was USD $4.35 million.
Manufacturing businesses can mitigate the impact of ransomware attacks in six ways:
- Check backups regularly
- Have a good antivirus
- Get a better antivirus
- Add a DNS proxy to your network
- Monitor the dark web
- Patch your systems
By implementing these measures, companies can strengthen their cybersecurity and reduce the risk of ransomware attacks in manufacturing.
Check Your Backups Regularly
Your first defence against ransomware attacks in manufacturing is backups. Backups are fickle. Whether through intent or through the errors that naturally occur, backups stop working. It’s like a stone fence falling over in the spring. You need to check it and fix it regularly or you’ll not be happy. Too often we find customers who check their backups only when they need to restore them. We recently visited a customer whose server failed after 8 years (not at all a surprise, 8 years is a lifetime and a half for a server). The backups stopped working 6 years ago.
Assume your backups have a 20% chance each month of not working. Check them. Try restoring data from them. Check the backup logs that are kept every day. Read them carefully. They could say “Successfully backed up 0 files” and if you just look at the first word you don’t notice the last two. That has also happened to a customer.
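One way to automate that daily read of the backup log, as an added example that is not part of the original post. The log line format, the sample entries and the `audit_backup_log` name are assumptions made for illustration; only the "Successfully backed up 0 files" message comes from the text above.

```python
import re
from datetime import date, timedelta

# Constructed sample log, one line per nightly job. The line format is an
# assumption for this example; only the "Successfully backed up 0 files"
# message comes from the article.
SAMPLE_LOG = """\
2024-03-01 Successfully backed up 18234 files
2024-03-02 Successfully backed up 18240 files
2024-03-03 Successfully backed up 0 files
2024-03-04 Backup failed: destination not reachable
2024-03-06 Successfully backed up 9100 files
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.*)$")
OK = re.compile(r"^Successfully backed up (\d+) files?$")

def audit_backup_log(text, today, min_ratio=0.8):
    """Return (date, problem) findings for a daily backup log."""
    findings = []
    prev_day, prev_count = None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        day, msg = date.fromisoformat(m.group(1)), m.group(2)
        # A gap between consecutive entries means a night with no job at all.
        for gap in range(1, (day - prev_day).days if prev_day else 0):
            findings.append((prev_day + timedelta(days=gap), "no log entry"))
        prev_day = day
        ok = OK.match(msg)
        if not ok:
            findings.append((day, "job did not report success"))
            continue
        count = int(ok.group(1))
        if count == 0:
            # The first word says success; the last two say nothing was saved.
            findings.append((day, "success reported but 0 files"))
        elif prev_count and count < prev_count * min_ratio:
            findings.append((day, f"file count dropped from {prev_count} to {count}"))
        if count:
            prev_count = count
    # Stale log: the job stopped running and nobody noticed.
    if prev_day is None or (today - prev_day).days > 1:
        findings.append((today, "no recent backup entry"))
    return findings

if __name__ == "__main__":
    for day, problem in audit_backup_log(SAMPLE_LOG, date(2024, 3, 9)):
        print(day.isoformat(), problem)
```

A clean log audit does not replace a test restore; it only tells you sooner that the job has gone quiet or empty.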
Have a Good Antivirus
Antivirus is still a critical defence against ransomware. Choose an enterprise antivirus where you have a dashboard that gives you the status of each computer. A common “tell” that a hack might be happening is the antivirus starting to fail. Multiple computers in the office all having AV problems can often be a sign of intent. Having the dashboard and using it regularly (daily) lets you see that.
Have a Better Antivirus
Advanced Threat Protection (ATP) is a more costly and advanced antivirus product that does a few cool things. The coolest of these things is something called a “Sandbox.” When you open an attachment or download a file with these products, they create a temporary “isolated” computer image called a Sandbox. They open and run the file and then check to see if anything bad happens. If all is ok, then they dispose of the sandbox and you can open the file.
Add a DNS Proxy to Your Network
A DNS Proxy is a service (Cisco Umbrella is a common one) that puts a layer of protection over your staff by restricting their ability to browse the internet. There are a lot of sites on the internet with downloads, games, social media content, blogs, gambling, and pornography that are often the targets of hackers. Hackers will add their payload into an advertisement that these sites might not look too carefully into. The advertisement entices someone to click on it and then they are infected. Presto: ransomware attack.
Monitor the Dark Web
This is another tell rather than a specific attack. The Dark Web is where hackers share information about targets. If your business appears there, you are going to be considered a viable target. It means you have staff who have shared their email address on a website that was not legitimate or replied to phishing attacks with an email address. When a business has many users replying to these attacks, the Dark Web notices, and lots of people will phish you. You can get Dark Web Scans done one time for a fee (we do them for free usually) or monitored continually.
Train your users to avoid this trap. It is also a critical step. Monitor the dark web. Stop users from falling for these phishing attacks.
Patch Your Systems
Your computers have locks. The locks need your keys (username and password) to get into. Sometimes a hacker discovers a skeleton key that opens every computer of your type (an exploit). Microsoft, Adobe, and Java… all of them have this problem. They release new versions of the locks (patches). I have seen IT professionals who had a problem with a patch in 2011 and since then have turned off patching. They usually aren’t the ones that keep their job after we get called to help resolve the crypto attack they’ve suffered.
You need to be 100% sure the weekly patches from Microsoft, Adobe, Java, Google, and other vendors are installed fairly quickly and reliably. There are software tools you can get that can provide you with a dashboard to tell you the state of patches for your network. Use them. Check them often.
Ransomware attacks in manufacturing are becoming increasingly prevalent and can have devastating consequences. However, there are simple and effective ways to lower your risk of an attack.
Regularly checking backups, having a good antivirus, implementing advanced threat protection, adding a DNS proxy to the network, monitoring the dark web, and patching systems are all crucial steps that manufacturing companies can take to strengthen their cybersecurity.
By following these steps, you can prevent ransomware attacks and protect yourself from the possible repercussions that often result from these attacks.