After another of the world’s major manufacturers was laid low recently by a ransomware attack, the QBS Distribution team caught up with Acronis to get their thoughts.
Production at ASCO, the giant Belgian airplane parts maker, has been halted for over a week with no end in sight. Nearly 1,000 employees have been sent home on paid leave while the company struggles to restore critical systems frozen by the malware assault.
Unfortunately, the fate of ASCO has been shared by many organisations that are ill-prepared to combat the world’s deadliest malware threat. The incident reflects a number of major trends in the ongoing struggle between cybercriminals and their targets in the public and private sector.
Ransomware remains the top threat
Ransomware remains among the most popular and pervasive malware variants out there, as noted by numerous tech security research studies like the Verizon Data Breach Investigations Report 2019.
Usually introduced behind a company’s defences when an unsuspecting user clicks on a malicious link or attachment in a phishing email, ransomware surreptitiously encrypts every file on the target system before presenting a note demanding payment for the key to unlock them.
Many ransomware strains are capable of then spreading across the network to infect other systems, including backup servers, increasing the requested payout and reducing the target’s ability to recover from the attack.
The threat of lost production time
Manufacturing has become a popular target with ransomware gangsters. The high costs incurred when production lines come to a halt (estimated at $22,000/hour in a recent Ponemon study) put great pressure on victims to pay up quickly to get back in operation. And the costs, between downtime, mop-up, contractual payouts, and stock price dents, can be huge.
Some of the manufacturing sector’s high-profile ransomware victims include pharma giant Merck (reported losses: $870 million); American chemical maker Hexion; global automakers Nissan and Renault; American food and beverage producer Mondelez ($188 million); Taiwanese semiconductor maker TSMC ($250 million); Norsk Hydro ($52 million and counting), the Norwegian aluminium producer and manufacturer; C.E. Niehoff, an American auto-parts maker; and Hayward Tyler, the British maker of electric motors and pumps. The list goes on and on, with new victims being added daily.
The downtime inflicted by a ransomware attack may be extended by one or more factors. Firstly, in many cases, the victims do not have complete, recent backups that have survived the attack.
Secondly, law enforcement authorities generally advise victims not to pay the ransom, as the promised remedy either does not materialise or does not work more than half the time, leaving the victim to struggle with complex, manual recovery efforts.
Easy to get started
The continued success of ransomware as an extortion tactic in part derives from how easy it is to use. A criminal with almost no tech skills can shop for and lease a variety of ransomware products on the Dark Web and then quickly and cheaply start distributing them via phishing emails and other tactics.
These ransomware-as-a-service offerings include features like 24/7 online chat to help victims source Bitcoin to pay the ransom, access to payment services, and consoles to help the criminal distributors to monitor their operations’ progress and profits.
New strains outwit old solutions
Traditional anti-malware measures like signature-based anti-virus solutions are struggling to keep up with the ransomware crime wave. The speed and frequency with which ransomware developers are churning out new variants essentially make most of them zero-day threats for which AV scanners have no matching fingerprints. Catching these freshly-minted ransomware iterations requires countermeasures that are capable of identifying and stopping malicious processes by their behaviour, not a signature match.
Machine learning and artificial intelligence have proven to be helpful new technologies on this particular front, making endpoint defences more agile and adaptive in their identification and responses to new ransomware variants.
Expanding ransomware’s reach
Cybercriminals can be expected to continue using ransomware to assault a variety of sectors, including manufacturing, healthcare, and government, where downtime can inflict high costs in profits, stock prices, human life, or political reputations. The crooks have shifted their attention from consumers to bigger, fatter fish: companies and institutions with money on hand and intense pressure to recover quickly.
Stopping ransomware before it starts
The good news is Acronis has been defending its customers for over three years against ransomware attacks like the one that crippled ASCO by helping them balance the Five Vectors of Cyber Protection. These five vectors are also known by their acronym, SAPAS, and focusing on them means Acronis’ solutions ensure the safety, accessibility, privacy, authenticity and security of data.
The need to deliver security is why Acronis integrates the industry’s first AI-powered anti-malware defence into its backup solutions, such as the enterprise-grade Acronis Backup, used by businesses and government institutions, as well as its personal product, Acronis True Image.
Known as Acronis Active Protection, it uses artificial intelligence and machine learning to automatically detect, terminate, and repair the damage from both known and zero-day ransomware variants, including 400,000 ransomware attacks last year.
Additional steps to prevent infection
While investing in an easy-to-use, effective and secure cyber protection solution goes a long way in countering the threat of ransomware, there are other steps you can take to fend off attacks. One of the simplest steps is to regularly patch your operating systems and applications to make sure any known vulnerabilities are closed.
Another straightforward measure is to frequently back up all your systems to multiple locations and different types of storage. That way you’ll know you have a safe, reliable copy that can be used to restore your system if an attack is ever successful.
If you’d like to keep your organisation out of the headlines, learn how a SAPAS-based approach to cyber protection can shield you from ransomware and other modern-day malware threats. Request a demo of Acronis Backup with Acronis Active Protection today.