Ransomware continues to be a popular tool among hackers and cyber criminals. By locking users out of their own systems, these cyber criminals can extort significant payments from companies who risk losing way more money due to the interruption to their business. Traditionally, the number one target of ransomware attacks has been the healthcare industry due to the incredibly time-sensitive nature of their business. Recently however, hackers have focused their attacks on industrial businesses which is bad news for product manufacturers and physical plants.
In a manufacturing world dependent on “just in time” production concepts, small delays in industrial processes can cost a company and their customers large sums of money. An attack that has the ability to shut down a factory or manufacturing plant for a few days can bring many of these businesses to their knees. The highly time dependent nature of these companies make them ripe targets for ransomware attacks as companies almost have to pay the ransom rather than risk delays of a week or longer.
LockerGoga is the most recent version of malware designed to target industrial companies. Since the start of 2019, at least five major global manufacturers have suffered LockerGoga attacks. These include Norsk Hydro, an aluminum manufacturer based in Norway, Altran, a French engineering company, and Hexion and Momentive, U.S. based chemical sister companies. LockerGoga seems to be used in more exclusive, specifically targeted attacks, unlike previous ransomware crises like WannaCry, which sought to cast a wide net and infect any system it could. Hackers using LockerGoga have used more sophisticated attempts to gain entry to a vulnerable company’s technology systems and use domain elevation to seek access to the accounts with the highest privilege credentials.
The Norsk Hydro attack is particularly illustrative of the damage these attacks can cause. Experts believe the attack originated at one of Norsk Hydro’s U.S. plants and was spread throughout the company’s internal systems. Plants in several different countries, ranging from Brazil to Qatar, were forced to shut down and switch to manual processes, entailing significantly increased production costs and delays. It took the company several weeks to restore normal operations, even with a disaster recovery response that many experts commended for its efficiency and timeliness.
Ransomware attacks at industrial plants pose additional threats. Traditional ransomware attacks lock users out of their computer systems. Ransomware attacks at industrial plants have the potential to harm expensive manufacturing equipment and hurt employees if engaged at the wrong time. As a result, these attacks implicate more than a company’s cyber security and cyber insurance risk management approaches. They raise a host of liability concerns and implicate workers compensation coverage.
The nature of cybersecurity threats are always changing, but industrial companies pose a particularly tempting challenge to many cybercriminals. Companies operating in this sphere need to make sure they are keeping up to date with the latest threats, taking all reasonable precaution to protect their systems, and instituting the best risk management practices in regards to cyber threats, including the use of cyber insurance.