When the number of ransomware attacks dropped in 2022, everyone breathed a sigh of relief. Cyber insurance rate hikes cooled, and business owners hoped the worst was over. Then, 2023 brought a resurgence in ransomware. Supported by new AI tools, the new wave of cyberattacks could be the worst yet – and manufacturing companies are a prime target.
The Return of Ransomware
Ransomware never really left, but it did become quieter for a while. According to a report from Black Kite, ransomware activity stagnated in 2022 amid ransomware gang shutdowns, international sanctions, and other factors. However, ransomware attacks resurged in 2023 as new ransomware gangs emerged. The number of ransomware attacks in March 2023 was double the number in April 2022.
Ransomware Hackers Are Changing Their Tactics
The Black Kite report also found that hackers are changing their tactics, with encryption-less ransomware becoming more common. In traditional attacks, hackers encrypt data and then demand a ransom to decrypt the data. However, Axios says ransomware hackers have started stealing data and demanding an extra payment to prevent them from publishing it online. Some hackers have stopped using encryption altogether, which allows them to carry out faster attacks.
When victims face an encryption-less attack that focuses on extortion, they can’t simply ignore demands because they have backup files. Although it’s still smart to maintain secure backups, doing so won’t protect your data from leaks.
According to Forbes, hackers are also using intermittent encryption to get around endpoint security and other cybersecurity defenses. This technique encrypts only small blocks of a file, rendering the file useless while keeping its structure intact, which makes it harder for security products to detect a problem.
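For defenders, the practical consequence is that a single whole-file measurement can miss a partially encrypted file, while a block-by-block measurement does not. The sketch below is an added example, not code from the reports cited here; the 4096-byte block size, the 7.5 bits/byte threshold, and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096   # assumed scan granularity in bytes
HIGH = 7.5     # assumed bits/byte threshold for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess(data: bytes, block: int = BLOCK, high: float = HIGH) -> dict:
    """Compare whole-file entropy with per-block entropy."""
    ents = [shannon_entropy(data[i:i + block])
            for i in range(0, len(data), block)]
    hot = [i for i, e in enumerate(ents) if e >= high]
    return {
        "whole_file_entropy": shannon_entropy(data),
        "blocks": len(ents),
        "high_entropy_blocks": hot,
        # Some, but not all, blocks look random: the partial pattern.
        "partial": 0 < len(hot) < len(ents),
    }

def _pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def constructed_samples():
    """Constructed data: a 16-block text file, and a copy in which
    blocks 0 and 8 are replaced by random-looking bytes."""
    line = b"Work order 1042: torque spec 35 Nm, line 3, shift B\n"
    clean = (line * (16 * BLOCK // len(line) + 1))[:16 * BLOCK]
    tampered = bytearray(clean)
    for idx in (0, 8):
        start = idx * BLOCK
        tampered[start:start + BLOCK] = _pseudo_random(BLOCK, b"sample-%d" % idx)
    return clean, bytes(tampered)

if __name__ == "__main__":
    for name, data in zip(("clean", "tampered"), constructed_samples()):
        print(name, assess(data))
```

Compressed formats such as ZIP archives and JPEG images are high-entropy by design, so a flagged file is a signal to compare against a known-good copy rather than a verdict on its own.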
Hackers Are Targeting Manufacturers
Black Kite says manufacturing is the most frequently targeted industry, accounting for 19.5% of all ransomware attacks. This is in line with what IBM Security X-Force found: according to the X-Force Threat Intelligence Index 2022, the manufacturing sector accounted for 17.7% of attacks in 2020 and 23.2% of attacks in 2021.
According to Industry Week, hackers like targeting manufacturers for the simple fact that manufacturers often pay. An attack can cause damage if it targets equipment, which can lead to supply chain problems. Since taking just a few production lines offline for a few days can mess up schedules, manufacturers often pay up to avoid problems. Comparitech estimates that ransomware attacks have cost the manufacturing industry $46 billion in downtime alone since 2018.
As a recent example, Cyber Security Hub says a Russian ransomware gang targeted a Taiwanese manufacturer and Apple supplier. The hackers demanded $70 million, threatening to publish the data as well as network points of entry and login information if the company didn’t pay.
New AI Tools Could Make Attacks More Common and More Powerful
Hackers could use new AI tools to launch a new wave of ransomware attacks.
According to IBM Security X-Force, phishing is the top infection vector, accounting for 41% of infections in 2021. The problem could become worse in the near future. The Wall Street Journal warns that hackers can use chatbots like ChatGPT to create more effective phishing and spear-phishing messages.
According to TechTarget, low-skill hackers may be able to abuse ChatGPT to create malware. This could add to the total amount of malware out there, making attacks even more common.
How Manufacturing Companies Can Reduce Risk
Manufacturing companies have a big target on their backs. You need to be proactive about managing your risks.
- Maintain secure backups. Having backups will not prevent ransomware or keep a hacker from selling your data, but you may need the backups if a hacker encrypts or corrupts your files. To prevent your backups from becoming infected along with the rest of your system, store them on an external hard drive that is not connected to the network.
- Keep your system secure. This involves using multiple security tools, such as firewalls, antivirus software, and spam filters, as well as making sure you have the latest versions of programs and current patches. Configure your system using the principle of least privilege. Use strong passwords with multifactor authentication.
- Conduct ongoing training. Hackers often target humans – not computers – with phishing and other social engineering schemes. Since new AI tools could make these attacks even more effective, you need to provide ongoing training to help workers identify phishing attempts. You can test your employees with phishing simulation tests to see if they fall for fake attacks.
- Be ready with a cyber response plan. Consider what physical damage and disruption could occur if a ransomware attack shut down your operations. Determine what you will need to do, what resources you’ll have available, and who will be in charge of what tasks.
- Obtain cyber insurance. If your company suffers a ransomware attack, cyber insurance can help with the resulting costs and business interruption losses.
RiskPoint’s manufacturing and distribution insurance program offers cyber liability insurance as well as other coverage solutions to help keep your operations running smoothly.