Ransomware rising – how to keep production lines humming in face of growing attacks

Opinions expressed in this article are those of the author.

This article is by Jamie Humphrey, Managing Director at Rubrik A/NZ

As production line processes are increasingly automated and data-driven, Australian manufacturers have become a favourite target of ransomware attackers.

While the benefits of manufacturing automation are profound – increased efficiency, quality, and cost control key among them – these processes can only work with stable and consistent access to data.

As a result, data is the lifeblood of many manufacturers and this is what makes the industry so attractive to ransomware groups.

This year alone, a number of Australian manufacturers have fallen victim. BlueScope’s Australian manufacturing operations were impacted due to a ransomware attack, as were those of beverage giant Lions who warned of beer shortages while they fought to return operations to normal. Further, the logistics processes of Toll Group ground to a halt in the wake of two consecutive ransomware attacks earlier this year.

In a ransomware attack, hackers typically trick an employee into opening an email which contains the malicious software (malware). Once opened, the ransomware encrypts as much of the organisation’s data as it can, rendering it impossible to access without a decryption key.

The attackers effectively hold an organisation’s data hostage, and demand a ransom be paid – generally in bitcoin or another cryptocurrency – to receive the decryption key and regain access to data.

Cyber attackers know that without data, production grinds to halt. Every hour a manufacturer loses causes untold damage to the bottom line which is why the industry has found itself in the crosshairs. Recent reports suggest that not only is Australia’s manufacturing industry considered ‘low-hanging fruit’ by cyber attackers, the average amount of downtime following an attack is 16 days. Rather than face losing weeks of production, many might simply bite the bullet and pay the ransom to have their data restored.

Paying attackers to restore data, however, is a huge gamble. In fact, the Federal Government’s Australian Signals Directorate explicitly recommends against it. If a thief broke into your business, stole your equipment, then demanded payment to have your goods returned, would you trust them to act in good faith? I wouldn’t either.

Although there is no ‘silver bullet’ to protect against falling victim to ransomware, there are strategies to ensure the disruption to business in the event of an attack is minimised. Foremost among them is restoring operations from back-up data.

Maintaining frequent back-ups is recommended by both the Australian Cyber Security Centre and the Australian Signals Directorate as a way to guard against ransomware attacks. The more often critical data is backed up, the easier it is to restore operations from a point in time just prior to the infection.

In other words, with a comprehensive back-up strategy, businesses can simply turn back the clock and continue production as if the attack never occurred. The more frequently data snapshots are taken, the quicker services can return to normal.

Such a strategy proved pivotal for Queensland-based Langs Building Supplies. In June 2016, the business was infected by the CryptoLocker ransomware after an employee fell victim to a phishing email. Within minutes, thousands of the company’s files were encrypted.

Because Langs had a well-defined data management policy and immutable back-up solution, they simply restored operations in approximately one hour without having to pay the ransom.

As Matthew Day, Chief Information Officer at Langs Building Supplies, said at the time: “Since we plan for these failures, this threat was reduced to a minor inconvenience. The next day, it was like nothing happened.”

This ability to rapidly regain operations following an attack is the best strategy businesses have against cyber attackers.

Unfortunately, ransomware isn’t going anywhere. It’s incredibly lucrative for those behind them, with attacks estimated to have cost Australian businesses more than $240 million in 2019. Despite the disruption ransomware can wreak, a recent government survey found that 24 per cent of Australian businesses didn’t know what ransomware was.

As manufacturers increasingly take advantage of the massive business benefits from automating production processes, its critical to also be aware of the risks of losing access to the data that drives those investments.

Today, data is the lifeblood that keeps production lines humming. Should a ransomware attack bring conveyor belts to a halt, back-ups ensure the humming restarts as quickly as possible.

This article is by Jamie Humphrey, Managing Director at Rubrik A/NZ