Ransomware attacks are on the rise, and they are wreaking havoc on all facets of society. The Colonial Pipeline attack disrupted the United States’ oil and gas supply chain, resulting in regional fuel shortages and raised gas prices. And the ransomware attack on JBS, the world’s largest meat supplier, disrupted meat production in North America and Australia, which led to a spike in beef prices and threatened to affect the entire food supply chain.
As we feel the impact of these attacks and experience their ripple effects in our everyday lives, we’re starting to wake up to the realization that this trend is only continuing to worsen and that no company is safe.
Ransomware is a type of malware that encrypts an organization’s files, locks users out and demands a ransom in return for decrypting data. The consequences can be catastrophic, ranging from lost revenue due to downtime and disruptions to damage to a company's brand and reputation and a long list of expensive recovery costs. With the average cost of a data breach involving ransomware reaching $4.4 million, many businesses are never able to fully recover or to continue operating following a breach.
In the past month, the law of unintended consequences has come to fruition. Ransomware gangs likely didn’t know — or care — that they would disrupt 45% of the fuel supply for the East Coast, shut down transportation service in New England and disrupt meat production in North America and Australia. The average network intruder is typically operating with relatively little understanding of the victim’s network environment.
In addition to disrupting supply chains and transportation, ransomware attacks can result in an even bigger issue — an impact on foreign relations. When ransomware attacks target consumer goods, they inadvertently disrupt the domestic supply chain and, in turn, the global economy.
Ransomware’s profitability, propagation and professionalization
Some people assume that ransomware gangs seek out manufacturing companies, or that Russian hacker groups such as REvil want to decimate the U.S. supply chain. In reality, any organization with a weak enough security posture can suddenly become a victim of a costly network intrusion or disruptive ransomware attack. Attackers want to exert the least amount of effort possible, and if you're an easy target, you're going to be an enticing one. That means that small IT and security teams with limited resources and budgets are especially appealing.
While the manufacturing industry reported the highest number of ransomware attacks compared to other industries in 2020, the current victimology trend strongly suggests that ransomware gangs are being purely opportunistic. In the past five years, ransomware has become exceedingly profitable. And that profitability has grown exponentially even in the past quarter. According to a Coveware report, the median payment in Q1 of 2021 increased by 59%.
We’ve also seen the professionalization of ransomware. Some ransomware attackers have a “customer support team” that advises victims on how to purchase cryptocurrency to pay the ransom and even offers immunity packages to ensure that victims won’t get hit twice.
We have to look at ransomware for what it really is: a profit-driven business. And just like any other business, it will sink money back into areas of the business that promote growth, including research and development. Ransomware developers will research more sophisticated ways to make money and improve their craft.
How to protect against ransomware
Good cybersecurity starts with airtight fundamentals. At a minimum, dairy processors, and all organizations regardless of their industry or size, should implement three basic security controls: multi-factor authentication, a centralized security log management system and threat detection and response tools. Multi-factor authentication is an easy way to provide an additional layer of security for account logins, and centralized logs provide visibility into an environment.
Smaller IT and security teams that don’t have the resources or budget to build out and run a full-time security operations center should focus on plug-and-play tools that aren’t overly complex or difficult to deploy. A modern threat detection and response platform enables IT and security teams to not only detect suspicious activity that may indicate a security threat, but also respond to those incidents in a timely, efficient manner, reducing complexity and the need for expensive in-house security experts.
Security automation is critical to overburdened security and IT teams. Threat detection and response aggregates data, categorizes threats and alerts you when one needs your attention. Prioritized alerts cut through false positives, eliminate alert fatigue and automate decision-making in stressful situations, allowing small teams to focus on what’s most important.
In addition to preventative security solutions such as multi-factor authentication, dairy organizations should also focus on a strong defensive strategy. A solid defensive approach ensures you understand the different techniques that attackers commonly use so you know what to look for. If you understand how an attacker might be able to compromise your network, gain access and move around in your environment, you’ll be able to quickly detect suspicious activity or catch an attacker poking around your network before ransomware can be deployed.
The ransomware threat landscape will undoubtedly continue to evolve and expand. But the good news is that ransomware attacks can be prevented. These types of attacks are at the end of a long attack or infection chain, which enables organizations with a strategic and proactive approach to more easily detect and respond to indicators of a compromise early enough to avoid becoming victims of ransomware.