Worried about becoming a victim to manufacturing ransomware attacks? If so, here are 4 tips to follow to increase cybersecurity in manufacturing businesses.
The Canadian Centre for Cyber Security is warning Canadians that unpatched devices and bad password hygiene are resulting in a mass of attacks from cyber criminals and especially ransomware. This is leading people to want to learn methods to avoid being a victim of ransomware, which is truly a terrible crime and leaves the victim feeling helpless and sometimes ashamed. I’ve been paying close attention to the cybercrime in my local area where well-known cyber attacks have happened.
As part of critical infrastructure, ransomware attacks against manufacturing are on the rise. State actors in particular want to disrupt western supply chains, steal intellectual property and earn money as their economies are sanctioned. As a small and medium manufacturing company, you are a prime target.
There are a lot of reasons for cybercrime and a number of different ways to harden your network and organization against all kinds of cybercriminal activity. This article is going to dive specifically into ransomware and how to avoid being a victim of ransomware.
What is Ransomware?
If you don’t know what ransomware is you might be lucky enough not to have experienced it. We run into manufacturing businesses who have been hit by this organized criminal activity all too often. Ransomware is a virus attack against a computer in which the contents of the computer, server, or entire network are “encrypted” in such a way that the files become inaccessible and useless.
Photos, Word documents, and databases… all are locked down. The criminal leaves a message on the computers in the form of .txt files with information on who to contact to pay a ransom to have your files returned to you. Anyone who’s experienced this wants to avoid being a victim of ransomware ever again!
If I Pay the Ransom, Will I Get My Stuff Back?
The answer to this is, it depends. Some crypto criminals are actually pretty honest and will even provide tech support to help you get your files back. There is no guarantee though. Some criminals will take the money and leave you to your own devices. Some of them are using ransomware software they didn’t write and don’t necessarily understand. You are taking your chances any way you look at it.
How to Avoid Being a Victim of Manufacturing Ransomware Attacks
Ransomware is sometimes referred to as a Crypto Attack. In September 2019, I attended a managed service conference with our peers in Chicago. The US government sent staff to ensure we were warned (over and over, and over again) about the current state of cyber security. There are a few things we can all do to make sure we are kept safe.
Here are 4 tips you can follow to avoid being a victim of manufacturing ransomware attacks:
Two Factor Authentication
It’s annoying, and it makes it slightly slower to log in and do things but turn on two-factor authentication (2FA) as soon as you stop reading this. Actually no – stop reading and come back after you turn on your 2FA. I directed my staff to turn it on for administrative-level staff as soon as a presenter started going over the risks. All administrative (sometimes called privileged users) already had it activated. Everyone else, from the most basic intern to the controller, will have 2FA now.
This is one of the best ways to avoid ransomware attacks against manufacturing. A lot of ransomware is “delivered” to your systems by hackers who got your passwords. Two-factor authentication will shut them down pretty fast and is a critical part of small business manufacturing cybersecurity.
Train users to avoid Phishing
Hackers get your passwords through phishing. Phishing is the most common way hackers gain entry into the system. They send millions of spam emails out – and it only takes one person opening one of these to infect an entire network. I accidentally responded to one myself (it looked so real) and spent the next hour changing passwords. Train your users to avoid being a victim of ransomware by learning to avoid these nasty emails.
If you are running a business, I strongly recommend you run a Phishing test on your users. These tests send “fake” versions of the phishing emails to staff to see who falls for them. Sabre IT uses a specific version of this service, and you can find them online.
We are more plugged into the situation than most “civilians” and we are seeing these attacks increase in frequency and success. We are the managed IT service company for a Brantford, ON business that has been particularly hard hit lately. Good backups and our monitoring systems let us get them back up in minutes, but you need to be forever vigilant against phishing.
Active Security Monitoring
You really need to monitor cyber security more today than ever before. There are products in the market that will install on your equipment and will look for the predictable behaviour of the bad people hacking systems. I usually describe this as having “ADT” for your network. Patching (see below) is like having good locks on doors. Active security monitoring is like having a motion sensor that will spot hackers when they are inside your network moving around.
A particularly scary fact that was discussed is that the typical hacker will peruse your system for a while. Sometimes they can lurk for hours or days to see if you have anything useful before they encrypt it. This is frightening – but it also leaves some time to do something. These security monitoring companies can help you avoid being a victim of ransomware. They have software (it’s not anti-virus, don’t confuse them) that sees the perusing and opening and closing files in the background and will lock that out until you confirm “no – that was me” or “what do you mean the file ‘passwordlist.txt’ is being opened.”
Keep up to date
The most common cause of an intrusion (besides users clicking on a fake email or link) was software exploits. Some of these exploits are in everyday software like Google Chrome or Windows. Exploits exist in all software. They are glitches where a bad actor can “insert” unsafe code into an otherwise safe software product.
Software vendors fix their software all the time. The Windows patches that you get are those fixes. DO NOT let these lapse. Be on top of it. You wouldn’t leave a broken lock that didn’t work on your front door at home – don’t leave it on your computer.
We took over IT services in Waterloo, ON at a local manufacturing company shortly after they were hit with a massive ransomware attack. Virtually none of their desktop computers had been patched. Phishing emails don’t exist in a vacuum, and the holes in their operating systems and software definitely made it easier for the virus to attack them. Good IT services in manufacturing companies need to make sure these kinds of patches are up to date.
If you have an unpatched machine, the bad guys will find it eventually. They will infect a website or some other software and every time someone visits they’ll see if the lock is broken. If you own the broken lock, set some money aside to pay their ransom (or lose the data on your computer)
Increasing Cybersecurity in Manufacturing Conclusion
Do you know of any other things that can be done in a regular environment to keep on top of these security risks? I’ve listed 4 – but I am certain there are many in addition (from segmenting LANs to restricting user access rights). What are some other things or what are your thoughts on my list? I’d love to hear your thoughts.
If you are an industrial business you should give Sabre IT Solutions a look. We have been helping businesses to avoid being a victim of ransomware for over 20 years. We have worked with scores of discreet manufacturers, logistics, warehousing, and similar businesses; helping with their ERP systems. We regularly see the results of cybercrime that is attempted and stopped (for our customers) and some which got completely out of hand and resulted in tragedy (with new prospects we meet all the time).