This year, the number of publicly documented ransomware attacks on the manufacturing sector has surged. Threat actors keep evolving, finding new ways to halt operations by hitting the infrastructure that supports industrial processes. Crypto-ransomware groups are adopting tools and malware that can completely disrupt operational technology (OT), such as industrial systems.
Dragos researchers have found multiple ransomware strains adopting ICS-aware functionality, including the ability to kill industrial processes. Clop, EKANS, and Megacortex are some of the ransomware variants containing this code.
What does this imply?
Although a threat actor may steal data solely for financial purposes, attackers targeting the manufacturing sector in particular could leverage the stolen data to assist in attack development.
- Compal suffered a ransomware attack by the DoppelPaymer gang. The attack disrupted around 30% of the firm’s network.
- Steelcase, the office furniture giant, suffered a Ryuk ransomware attack, forcing the business to shut down its global operations for almost two weeks.
Stay safe, but how?
- Conduct reviews to detect all connections, assets, and communications between OT and IT networks.
- Implement multi-factor authentication (MFA).
- Enforce industrial-specific threat detection mechanisms to recognize malware and take the necessary actions.
The bottom line
Experts anticipate that the manufacturing sector will witness more ransomware attacks, as its cybersecurity defenses are less sophisticated than those of other sectors. Thus, it is the perfect time for the manufacturing sector to improve its cyber defenses to prevent disruption of security and services.