Today, increasing ransomware attacks is a widespread problem that has the potential to cause millions in damage. The ever-growing issue has affected numerous organizations in the world across several industries. The manufacturing sector, in particular, has been heavily hit by ransomware attacks as cyber-criminal groups are increasingly targeting the Industrial Control Systems (ICS) that manage operations. According to a report by Dragos, the number of publically recorded ransomware attacks against the manufacturing sector has tripled in 2019 alone. Here are some of the major reasons why the manufacturing sector is becoming the main target for ransomware attacks.
Reliance on ICS
While a lot of manufacturing process relies on traditional IT, some elements of manufacturing require ICS during mass production. This is an area that several hacking groups are actively looking to target. This could be potentially threatening due to the interconnected nature of the manufacturing supply chain–means that if one factory gets taken down by a cyber-attack, it could have wide-ranging consequences.
Need for Constant Operation
Manufacturing often becomes a highly strategic target for cybercriminals because in many cases, the operations cannot afford to be out of action for a long period of time, so they could be more likely to give in to the demands of the attackers and pay hundreds of thousands of dollars in exchange for getting the network back.
Lack of Vulnerability Management
Manufacturing operations do not necessarily have the most robust cybersecurity operations and may make interesting targets of opportunity for adversaries. The nature of manufacturing means the industrial and networking assets are often exposed to the internet, providing avenues for hacking groups and ransomware gangs to gain access to the network via remote access technologies.
Kia Motors: the Latest Victim
A major automobile manufacturer Kia Motors America is the latest victim of these increasing ransomware attacks in the manufacturing sector. The DoppelPaymer ransomware has taken control of Kia Motors’ data, hitting the automaker with a significant ransom demand. According to a post on Bleeping Computer, DoppelPaymer is demanding 404 bitcoins worth approximately $20 million to prevent the leak of data and receive a decryptor. If the ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million.
“Unfortunately, these types of attacks are becoming all too common. DoppelPaymer and others are immensely profitable when they target large organizations and disrupt their critical IT operations,” says Andrea Carcono, co-founder of Nozomi Networks. He believes that these ransomware scenarios should be factored into an organization’s incident response and business continuity plans. Moreover, beyond a technical response, business owners need to be prepared to weigh the risks and consequences of alternative actions.