What is ransomware? Ransomware is a form of malware that locks or encrypts data until a ransom is paid; paying may or may not give the victim access to the files again. This type of malware has increased during the past couple of years, and we have seen a number of examples in the media of companies that have been attacked. But what can the effects be when you are struck by a ransomware attack? And what can be done to minimise the consequences? In this blog post, we will go through some recent ransomware attacks and the effects they had.
What is ransomware?
Ransomware is a kind of malware that infects the victim’s systems. The malware encrypts the data so that the systems cannot be used, and the files cannot be opened by the user. The attackers then demand a ransom in exchange for unlocking the systems and decrypting the data again – however, there is no guarantee that the attackers will keep their promise.
Vestas data leakage
In November 2021, the Danish wind turbine maker Vestas was the victim of a ransomware attack. The attack led to the company having to shut down parts of its IT systems to make sure that the attack did not spread. Luckily, they were able to continue operations. Being unable to operate during an attack can cause high economic loss.
However, it was later disclosed that information had been stolen during the attack – about 7000 documents. Some of the stolen data was published and contained personally identifiable information (PII) such as names and addresses, but also bank details and social security numbers.
The largest effect of this ransomware attack was stolen data being published. Even if you manage to get your IT systems up and running after an attack, the attackers might have stolen or altered data. In this case, they can demand a ransom to hand the data back or to promise not to publish or sell it online.
Shut down of important IT systems in Kalix municipality
Kalix municipality in Sweden was also the target of a ransomware attack during December 2021. The attack shut down IT systems for, e.g., payment and email, as well as the heating and ventilation of one fourth of the municipality’s facilities. Many functions were struck; health care centers, for example, were not able to reach digital journals and medication lists.
Hence, the effects of the ransomware attack were different from the Vestas case: Kalix municipality had larger problems with shut-down systems, which affected social functions in society, rather than with stolen and leaked data. This situation can be compared to the large attack against Coop in July 2021. 800 Coop stores were forced to close for several days due to an IT attack that shut down their payment system. The attack was part of a larger global event targeting the American software company Kaseya.
What can you do to prevent the consequences of a ransomware attack?
Secure IT/OT integration
It is difficult to guarantee that no malicious content can enter your IT network. What is important is that your most sensitive and vital information is protected, and that your operations can continue despite an ongoing attack against your IT network and systems. By creating a secure IT/OT integration, you make sure that your OT systems are protected during a ransomware attack. Historically, OT systems were often entirely standalone. However, the need to connect OT to other systems has grown with the digitalisation of society. IT and OT are therefore connected, and similar technology is often used in both. The different needs in IT and OT can easily lead to challenging technical conflicts.
Physical separation of IT and OT using zoning
Separating IT and OT into separate segments helps avoid vulnerabilities or disruption in IT affecting OT. To avoid risks as a consequence of mistakes in configuration or function, physical segmentation (zoning) should be used. This means that separate hardware is used for IT and OT.
Use data diodes in the zone border for outbound data flows from OT
The most secure way to connect an integrity-sensitive data network to other systems is to use data diodes. All data flows from OT that can be managed with data diodes involve a simplified security analysis, quite simply because a data diode is so secure and easy to analyse. Or, more correctly, because it has such high assurance.
Sanitise files before transfer or import
It is important to make sure that you sanitise files before importing them to your network or systems, to minimise the risk of importing malicious content.
Advenica’s File Security Screener is a Cross Domain Solution that guarantees separation of connected networks in combination with efficient and automated countermeasures for malware. The solution uses multi-scanning – an advanced threat detection and prevention technology that increases detection rates, decreases outbreak detection time and provides resiliency to anti-malware vendor issues. It enables import of data into secure, isolated networks without compromising security. This is done through the purpose-built data diodes from Advenica that ensure separation between different import sources.