Cybercriminals who hacked 900 workstations at the San Francisco Municipal Transport Agency (SFMTA) the day after Thanksgiving demanded $73,000 in exchange for decrypting the data they froze. Specifically, they wanted to be paid in an unregulated, digital currency called bitcoin, said Paul Rose, a spokesperson for SFMTA.
That is standard operating procedure for a ransomware attack, the likes of which are on the rise in manufacturing, Fortinet warned when it publicized a report in June. Manufacturers are second in line behind healthcare networks as ransomware targets, the cybersecurity software developer said.
Between October 2015 and April 2016, cybercriminals launched more than eight million attempted attacks against 59 manufacturers in nine countries, Fortinet said. More than 70 percent of the attacks targeted manufacturers with more than 1000 employees, it added, naming none of the victims.
Ransomware attacks on manufacturers will have costly implications, including missed shipments, lost man hours, stalled production, revenue losses and, in the worst case, the closure of businesses, the firm said.
Ransomware infects a computer by encrypting the data on its storage drives and spreading to other computers connected to it. The process can begin spreading more rapidly when infected email attachments or files are downloaded on a computer network.
Typically, once the data is encrypted, a user is locked out of his computer and a ransom note is left promising to decrypt and release the data in exchange for money.
The SFMTA was able to avoid paying the ransom. “We were able to restore because we back up our systems,” Rose said, declining to provide specifics so as not to “create a roadmap” of his organization’s response procedures. Three days later, it had restored 75 percent of what was hacked, he said, noting that it turned to the FBI for help going forward.
SFMTA was fortunate in that operations were not impacted. Only email and payment services were disrupted, allowing passengers to ride for free.
The use of ransomware—one type of malware—is increasing across all sectors, including manufacturing, Amelia Estwick, program manager of the National Cybersecurity Institute at Excelsior College in Washington, DC, said. And the rise in ransomware is drawing more attention to bitcoin, which is just the latest mechanism “for that type of illicit trading,” she said.
Some security experts suggest manufacturers familiarize themselves with, and secure, bitcoin so that when they are attacked, they can respond immediately to keep operations going.
But Estwick advises against paying ransom altogether.
“The FBI wants to track things and get an understanding of possibly what variant you have in your system, so they don’t want you to pay the ransom,” she said.
Paying ransom can increase the likelihood of being victimized again in the same way, she asserted.
The growing number of devices people are using is one of the reasons ransomware is on the rise, Estwick added. “There are some people who think they can’t get ransomware on their mobile devices. We’ve seen increases in mobile-device ransomware. If you think about it, your computer is in your hand right now, right?”
To prevent attacks and avoid paying ransom, Estwick said, manufacturers can:
- Make sure applications and software on computers are up to date;
- Avoid clicking on malicious links and emails, downloading files with malware onto a system and going to unusual websites;
- Clear out spam folders;
- Update antivirus software, and
- Refrain from adding extra applications that can drain the system.
Using external hard drives doesn’t always prevent malware from infecting a computer, Estwick said. “If you have an external hard drive and it is connected to your computer and your computer gets infected, then your hard drive will, too. We tell people, ‘Don’t keep things plugged in. Keep your system isolated’” as much as possible.