Manufacturing Under Increased Attack from Ransomware | Waterloo Study Reports

Robert Jolliffe, Owner, MicroAge Kitchener

Attacks from ransomware are on the rise, as reported regularly on the news. The most obvious of these attacks was the Colonial Pipeline ransomware attack in the United States this spring. This attack shut down deliveries of gasoline and heating oil all across the Eastern USA.

A new report from Waterloo-based eSentire has found that six foreign “gangs” have claimed over 290 victims and $45 million dollars in ransom in just the beginning of 2021. These six gangs (to be fair, these are organized crime syndicates) are not the only groups that are using ransomware to extort money from businesses. The Dark Web (unlisted websites and communities dedicated to criminal activity) actively sells ransomware starter kits and gives advice to those would-be hackers who want to collect from unsuspecting businesses.

The size of ransom demands is increasing also. A 2020 report from Coveware found that ransomware payments (the amounts criminals demand to unlock your systems) have increased dramatically since 2018. These average demands have increased from well below $10,000 to over $100,000 over just 2 years.

Insurance Is Getting Out of the Ransomware Business

Insurance companies are suffering badly from ransomware, and they are starting to get out of the business of providing Cyber Insurance. For instance, AXA, one of Europe’s top 5 insurance companies, announced recently that it is suspending insurance coverage for ransomware extortion payments. If insurance companies will not cover the costs of these payments (AXA cited the rapid rise in costs as a reason) this will result in bankruptcies of small businesses throughout the world.

According to a paper released by the Institute for Security and Technology (Combatting Ransomware) the average business experiences 21 days of downtime due to these attacks, and takes almost a full year to recover completely. The average payment has now risen to $312,493 USD in late 2020.

Unfortunately, authorities have no ability to stop these attacks. The wide open nature of the internet, and the deeply connected computer systems used by virtually everyone today makes ransomware a blight we are stuck with. If Insurance refuses to cover these costs, businesses will be in big trouble.

The State of IT Systems Makes Ransomware Inevitable

Ransomware attacks IT systems through end-users who are unaware they are letting the attackers in. Usually, this is through Phishing emails, where some staff member innocently gives the hackers access to the system.

Today’s ransomware attacker does NOT immediately go to work. They know that a lot of companies have done some basic steps to prevent an attack, so most of the time they evaluate the weaknesses in the system before they encrypt the business data.

Despite the increased knowledge of this crime, the reality is that far too many businesses still do not take this threat seriously. Ransomware is becoming so much worse because the targets are just so easy to attack.

At MicroAge, we often perform an audit for customers when we first work with them. We are shocked to find the number who do not actively check their backups, and for whom those backups have not worked in some time. We also find that most customers do not have up-to-date computer patches, despite thinking that this is taken care of. Even in those companies that have IT staff or have outsourced their IT, we find a large percentage are not actively monitoring and performing even basic maintenance activities.

Modern ransomware attackers start auditing your systems in a manner that’s not that different than we at MicroAge would do. They find out which machines are vulnerable, and if they can, they disable the safeguards that keep you safe.

Active Management is the Only Option

Active management of your IT systems is really the only option to really prevent Cyber Crime today. This requires a few tools, and the dedication of some time.

  • Companies need a Remote Management and Maintenance tool – often called an RMM.
    • These tools come in different levels with different capabilities. The best are about $15 to $20 per month per computer.
  • Someone needs to monitor this data, daily. Allocating about 1 hour per 50 computers is appropriate.
    • If the someone above does not have either an RMM or training to use it, this needs to be more like 8 hours a day.
  • You need a top-tier anti-virus, and ideally, an AI-powered tool to automatically shut down any encryption as it happens.
    • The good RMM tools and some Anti-Virus can detect “weird” activities and stop it – which also shuts off that users’ computer. Better safe than sorry.
  • Someone needs to spend time every day checking backups and at least weekly ensuring they are working and can be restored.
  • Someone needs to install security patches as they are released, at least to test them, then deploy them to your systems.
  • Turn on 2 Factor Authentication for everything you can. I know it’s annoying. Turn it on anyway.
  • Make sure you at least measure how often your staff falls for Phishing attacks. There are a variety of tools to achieve this. Make sure you are using one, and know where your weaknesses are.
  • Make sure that you regularly review your system and know what the newest threats are from

If you don’t have someone doing these activities (and most part-time people don’t really have the time to do it right) then you need to get on that right away. If you think this kind of thing won’t happen to your business – let me give you my number. You’ll need it sooner than later.

Subcontract Your IT Management If You Can’t Do It Yourself

Most companies with less than 50 computers are not able to afford a full-time staff member nor the software tools they should have to do their job. A good IT professional today is making over $80,000 a year once all their benefits and overheads are included.

If you find yourself in a situation where you do not have a full-time IT staff (and especially if they are working on high-priority, urgent business activities like getting product out the door) then take a serious look at outsourcing. There are lots of great companies in the Waterloo Region area that provide Managed IT Services. The term “Managed IT Services” basically means outsourcing the steps I outlined in the previous section.

Finally – Don’t Be Complacent

There is a reason the US Government, Canada, Europe, and most of the rest of the world are telling their small businesses to get serious about this. It is a tidal wave of pain coming and there are way, way too many businesses that don’t take it seriously.

If a ransomware attack does hit you, be sure you get help as soon as you can. Turn off everything – pull the main switch on the power. Call some professionals and hopefully, it isn’t too late.

Robert Jolliffe
Owner
MicroAge Kitchener

 

About MicroAge Kitchener

MicroAge Kitchener is an expert in industrial IT and supports Kitchener, Waterloo and surrounding areas. Services include application and server hosting, virus scanning, spam filtering, local and off-site backup solutions, network cabling and monitoring, security system access and monitoring, data migration, and virtual CIO services.  No matter the IT requirements, MicroAge is the single source partner that works towards finding the perfect solution for your business. To learn more visit www.microage-kitchener.ca, email us at sales@microage-kitchener.ca or call us at (226) 336-6259.