Be Proactive to Block Ransomware Threats

Posted By: Tom Morrison Community,

Rapid technology advancements, shorter product lifecycles, and an increasing demand for more personalized products are driving manufacturers to implement digital technologies, embracing the “digital transformation” (or Industry 4.0) in order to compete in the technology-driven business environment. They’re automating manufacturing and industrial practices using smart technology. In doing all this, they unlock a value chain of capabilities that bring factory operational efficiencies and competitive advantages.

Despite the many security products businesses have deployed throughout their locations, cyberattacks are increasing in number and sophistication. Many manufacturers compromised by an attack have been forced to close plants, delaying customer orders. Cybercriminals have damaged plant equipment and stolen intellectual property, threatening to expose the sensitive data if a ransom isn’t paid.

A Hillsboro, Ore., CNC machine shop is one example. EFS Enterprises provides full-service machining for prototyping and small to large production machining. Its systems include support for AutoCAD, IGES, STEP, STL, and Parasolid and Drawings for lightweight 3D visualization. Over the last six years, EFS has been the target of four cybersecurity attacks.

In its annual Data Breach Investigations Report, Verizon noted that 73% of attacks launched against manufacturers were motivated by financial reasons, with the balance involving espionage. The attack risk is high for manufacturing companies. In a study of the manufacturing sector by Sikich, 50% of companies reported having experienced a data breach or cyberattack in the previous 12 months. After the third cybersecurity incident, which was ransomware, EFS Enterprises sought help to protect their systems and data.

The risk of complacency
Companies with multi-layered security solutions often become complacent, believing they’re adequately protected. Unfortunately, there have been countless companies with endpoint security, email protection, network and application security, and data backup that have become victims of ransomware attacks.

All it takes is one unfortunate click on an email, or landing on a fictitious website, to become another ransomware casualty. Even if the business doesn’t pay the ransom, a breach can cost a company in downtime, lost productivity, and product delays.

“Because we had suffered multiple security breaches, we had first-hand experience in dealing with the frustration, pain, and difficulties of painstakingly restoring our data, software programs, workstations and servers, to get our business back up and running,” explained Ernie Fisher, Sr., founder and owner of EFS Enterprises. “I don’t wish this on anyone. And I didn’t expect a small business like ours to be hit so many times. We didn’t want to experience those issues again, so, my IT guy went on a search to find a solution for us, and we were lucky enough to have discovered NeuShield.”

Rather than trying to detect and block threats individually, the patent-pending NeuShield Data Sentinel product shields important data to prevent threats from modifying it. Businesses and consumers use NeuShield Data Sentinel as a simple, reliable, and budget-friendly way to revert digital files and devices back to their pre-attack state when other malware defenses (e.g., antivirus and anti-ransomware) fail.

Cybersecurity detection and prevention solutions, while necessary, will not prevent all attacks from coming through. Having an off-site backup system is a good data protection practice, but restoring data can take many hours, or even days. And data backup won’t help with computers that were damaged.

Business managers never think it’s going to happen to them. In reality, security attacks are so prevalent that every manufacturer must develop a comprehensive plan to protect its data and digital systems. No company is safe from the threat of a cyberbreach. Ransomware poses risks to supply chains, and security becomes more complex with industrial IoT, advanced robotics, machine vision, distributed controls, and drones.

“The fact that our small business has been hit multiple times with ransomware, goes to show that company size doesn’t matter. The pain, in terms of downtime, cost, loss of data, and delay of business that all companies experience when down is bad regardless of their size,” Fisher said. “I’m just glad we have NeuShield to protect us. We’ve installed it on all of our systems, and now we have peace of mind knowing our business won’t be disrupted by similar attacks. As a business owner, it’s worth its weight in gold.”

Speed of recovery is key
In the event of an attack, manufacturers need operations up and running as soon as possible, without having to pay a ransom. Beyond having various detection and protection measures in place, rapid recovery measures are necessary, as most businesses cannot afford to be offline for days or weeks.

With proper recovery measures, an organization need not be held hostage to a ransom demand. Unfortunately, many of them pay the ransom because they make a quick determination that it will be less expensive than replacing and rebuilding systems and restoring data from backup. They give in to the extortion, because shutting operations adversely impacts their customers and supply chain partners.

The key to fighting back is to adopt multiple security protection layers, including immediate data and operating system recovery. Relying upon data backup is not a solution for protecting against ransomware. It simply takes too long to restore, and it’s not reliable. Bad actors target backup systems, too. Data and system recovery need to be proactively deployed to protect business assets, so manufacturing can quickly become operational again.

With a recovery solution in place, all data and the operating systems can be recovered quickly if a hacker gets through the firewall, anti-malware, or endpoint security. This can take place within an hour or two, instead of days or weeks. Next-generation recovery solutions create a virtual overlay with stored deltas of the original data. A ransomware breach will only reach the overlay protecting the original data and operating systems. This can be quickly restored with a single button click, and data is never lost or held hostage. Only the changes made by the ransomware attack are deleted.

Steps to take post breach
Without a next-generation recovery solution in place before a ransomware attack, there are important steps that must be taken immediately following the attack. First, disconnect all computers from the Internet and power them down. Identify all the affected hosts’ mission-critical data, mount their storage devices on known clean systems, and back them up. Backing up the corrupted system is important, as it gives you a chance to recover the data. It also preserves important forensic data for a follow-up breach investigation.

The operating systems of the compromised machines should be reinstalled from scratch, or factory reimaged, as hackers will install backdoor access, or malware, that are extremely difficult to discover and remove. Then you can begin the laborious process of restoring your data, using a backup or recovery tool.

Finally, after you finish recovering and restoring the computers and data, patch all vulnerabilities, harden security in your systems, and change user passwords on all affected computers. This can be an overwhelming process for in-house personnel. So, you might consider working with outside security experts that specialize in ransomware investigation and recovery.
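The backup step above is only useful as evidence if the copy can be shown to match what was on the affected drive. The following Python example is added here for illustration and is not from the original article or any vendor: it copies a mounted volume to a backup location, records a SHA-256 manifest, and re-checks the backup later. The function names, directory names and sample files are assumptions constructed for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large CAD or database files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def preserve(source, dest):
    """Copy the mounted volume to dest; return (manifest, files that failed to match)."""
    before = build_manifest(source)           # hash the source before copying
    shutil.copytree(source, dest, symlinks=True)  # keep links as links, do not follow
    after = build_manifest(dest)
    problems = sorted(n for n in before if after.get(n) != before[n])
    return before, problems

def verify(dest, manifest):
    """Re-check a backup later: files changed, missing or added since capture."""
    current = build_manifest(dest)
    return sorted(n for n in manifest.keys() | current.keys()
                  if manifest.get(n) != current.get(n))

def demo():
    """Run against a constructed sample tree (not real evidence)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "mounted_volume"), Path(tmp, "evidence_copy")
        (src / "jobs").mkdir(parents=True)
        (src / "jobs" / "part-001.step.locked").write_bytes(b"constructed ciphertext")
        (src / "README_RESTORE.txt").write_text("constructed ransom note")
        manifest, problems = preserve(src, dst)
        clean = verify(dst, manifest)          # untouched backup: no differences
        (dst / "README_RESTORE.txt").write_text("edited after capture")
        tampered = verify(dst, manifest)       # the modified file is reported
        return len(manifest), problems, clean, tampered

if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup so that a later change to the copy cannot also rewrite the record it is checked against.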

A healthy cybersecurity posture needs to consider rapid data recovery for when breaches exploit security gaps, system vulnerabilities, and users who unwittingly fall victim to an attack.

Written by: Yuen Pin Yeap, CEO and co-founder of NeuShield and an experienced developer of cybersecurity products, for American Machinist.