Industries essential to everyday life grapple with the life-or-death choices surrounding ransomware attacks
Chris Rouland, founder and CEO of Phosphorus Cybersecurity, has analysed the network and security profiles of almost a million IoT and security devices across corporate and government agencies. The findings reveal a troubling state of affairs, with nearly half of the firms using default credentials, about 50% of the devices running vulnerable firmware that is not getting updated, and more than one-quarter of the devices at end of life and no longer receiving regular security updates.
One such victim of a ransomware attack is Sierra Wireless, a Canadian IoT devices provider. On March 20, the company suffered a ransomware attack that caused its production facilities to shut down until March 26. The attack was attributed to Ragnar Locker by the company's CEO, Kent Thexton, during a fiscal first-quarter earnings call.
Ragnar Locker is a ransomware family whose shaming site has listed about 30 organisations between April 2020 and the present, according to Mandiant Threat Intelligence. The attack on Sierra Wireless was attributed to a Chinese state-sponsored cyber espionage group. However, it's worth noting that multiple threat clusters have been observed deploying the Ragnar Locker ransomware, suggesting intrusion tactics may vary.
The ransomware attack on Sierra Wireless incurred $18 million in indirect costs, primarily due to being unable to factor its receivables. This underscores the potential financial impact of such attacks on businesses.
Another high-profile victim of ransomware is the North American affiliate of JBS, the world's largest meat supplier. The attack, linked to a threat actor called Labyrinth Chollima, with ties to North Korea, highlighted potential risks in the agriculture and food supply. The attack led to the installation of a malicious loader, allowing a hands-on operator to perform various discovery activities.
The Biden administration has responded to these recent ransomware attacks by issuing an executive order to help standardize the process in certain critical industries. The order exposes a lack of minimum standards and practices, highlighting the need for improved cybersecurity measures.
Businesses can take precautionary steps such as backing up critical data, maintaining the ability to continue processing payments, and setting up a plan for manual operations at plants that rely on automation. However, many either fail to put those options in place or cannot make the business case that those options are sufficient.
Top executives need to fully understand which operations can function under a potential ransomware scenario, according to Paul Proctor, a distinguished VP analyst at Gartner. Security and risk people should be working with executives to ensure they are making the necessary business decisions to prepare for ransomware.
A report from Neustar International found that six out of ten companies would be willing to pay ransom in the event of an attack, with one in five respondents willing to pay more than 20% of annual revenue. This willingness to pay ransom could be driven by a desire to avoid an extended break in operations or the belief that they will not be able to recover without it.
The food and agriculture sector has been a target for many years but is often overlooked due to firms' reluctance to publicize such attacks, according to John Hoffman, a retired colonel and senior research fellow at the Food Protection and Defense Institute at the University of Minnesota.
CrowdStrike identified agriculture as a potentially lucrative target for threat actors linked to the Democratic People's Republic of Korea and China in late 2020. This underscores the need for increased vigilance and improved cybersecurity measures in this sector.
In conclusion, ransomware attacks pose a significant threat to corporations and critical industries. It is crucial for businesses to take proactive steps to secure their networks and data, and for governments to implement policies that help standardize cybersecurity practices in critical sectors.