Ransomware a Pain in the Derrière for the Food & Beverage Industry
By Chad Hudson, Director Cybersecurity & Data Privacy, Marcum Technology
Ransomware attacks are ubiquitous in today’s business environment. The National Law Review¹ projects ransomware attacks to occur every 11 seconds in 2021. Who could have predicted one of the most significant risks to organizations in business today would be clicking a mouse? Unfortunately, that is our current operating reality.
At a time when the food & beverage industry is experiencing economic hardships created by the pandemic, it has also been the target of these hackers. In just one recent example, Pan-Asian retail chain operator Dairy Farm Group was held hostage by ransomware attackers demanding a $30 million ransom, according to a report by Bleeping Computer².
What is ransomware?
Ransomware is a type of cyber-attack that requires relatively low sophistication and low financial investment by attackers to deploy. Attackers often carry out these attacks with open source tools that cost little or nothing, which gives them a substantial return on investment.
Usually, attacks involve a threat actor sending a phishing link or attachment via email. While other attack vectors are possible, this is the most common. It is far easier to persuade an end user to click on a link than to bypass strong technical security controls.
Once the end user clicks on the link or opens the malicious attachment, malware (bad software) is executed on the host machine (the end user’s computer) and encrypts the files. Encryption uses a strong algorithm to scramble data, rendering it unusable until the encryption key (password) is used to decrypt the data, making it readable and usable again.
While the malware executes on the computer, a message is displayed on the screen informing the user that their files are being encrypted. There is usually a ransom demand along with instructions on how to pay the ransom in bitcoin cryptocurrency in order for the encrypted files to be released.
It is also common for the malware to “pivot” in an attempt to traverse the network and infect other connected computers, causing further damage.
Who is at risk?
Unfortunately, all organizations are at risk of ransomware attacks. It is a dangerous fallacy that smaller organizations are safe from cyber-attacks because they do not have as much data or anything worth protecting. From an attacker’s perspective, it is much easier to compromise a smaller organization that may not have the budget to implement a proper security program. And, as mentioned above, virtually all that is required for an attack to be successful is for someone to accidentally click on a malicious link or to innocently open an email attachment.
Other common risk misconceptions revolve around industry. Who would attack the food and beverage industry in general, and a dairy company more specifically? The fact is, data has become the life-blood of business, regardless of industry. This makes the food and beverage industry susceptible to attack, like any other business.
All businesses have data worth protecting, whether it is intellectual property, employee or customer information, financial records, trade secrets, vendor data, or more. The loss of confidentiality, integrity and/or availability of data can cause significant, and sometimes irreparable, harm to organizations.
How can we defend against it?
As with all risks, there are precautions that can be implemented to strengthen an organization’s security posture and defend against ransomware.
Security awareness training is the biggest opportunity to help organizations withstand a ransomware attack, along with developing a culture of security. When employees are aware and know what to look for, organizations are more resilient to attack. Consistent education and positive reinforcement for phishing awareness are paramount. Employees need to know how to identify suspicious emails, links, and attachments, oddities in website behavior, spam text messages, and phone calls. When planning industry conferences, or looking to attend one, make sure security professionals are included, to provide education and awareness.
There are technical controls that can be implemented, as well, to help prevent harmful activity, such as enhanced email spam filters, technical scans of links and attachments before they are delivered, and banner alerts that indicate the potential for malicious activity in the email message.
Back up all data! The organization should have a complete, documented and tested back-up plan for all data. If an incident does occur, there will be a good copy of the data that can be restored in order to continue operations.
What do we do if we have an incident?
As with any threat, there are steps the business can take to reduce the impact of ransomware attacks. The time to prepare these steps is before an incident occurs. The organization should have incident response playbooks that have been tested regularly, which indicate the steps the organization should take and the resources it should have available in case of an incident. A few key immediate actions are:
- Stay calm.
- Try to contain the attack as much as possible. Disconnect the network cable or turn off Wi-Fi connections on devices, switches, and routers to prevent the spread. In most cases, it is best not to power off the device, so that forensic evidence is preserved.
- Advise internal stakeholders and leadership of the incident. It is critical to communicate to leadership and activate stakeholders as efficiently as possible.
- Contact professionals. Alert the organization’s legal, incident response, PR, and other appropriate specialists to implement the necessary forensic and remediation activity. Ideally, these partners would be identified and retained in advance.
As the food & beverage industry concentrates on its economic viability, cybersecurity should be a main component in the planning. Don’t let hackers take advantage of an already vulnerable time. Cybersecurity experts can provide things like gap analysis, roadmaps, back-up solutions, incident response, forensics, security education, and other security and privacy-related solutions so that you can concentrate on the growth of your business.
Unsure where or how to start with any of this? Ask Marcum Technology. We can help with gap analysis, roadmaps, back-up solutions, incident response, forensics, security education, or any other security and privacy-related topics your organization may need. Contact us directly at 800.331.6546 or by email at firstname.lastname@example.org.