Sitting ducks? Manufacturers targeted in vicious ransomware attacks

This article was co-authored by William Finnerty, Trainee Solicitor

Ransomware is one of the top threats for manufacturers in 2020. There have been an increasing number of targeted and paralysing attacks against European-based global producers, as evidenced by Picanol’s announcement last week.

Attacks which were traditionally sporadic and indiscriminate are increasing within the manufacturing industry with an alarming frequency and in a more coordinated manner. By working in organised criminal syndicates to research and target their victims, hackers are exploiting the vulnerabilities of the industry to maximise potential disruption and cause billions of pounds worth of lost productivity, ransom pay-outs and damage. Manufacturers must be more vigilant than ever and evaluate their cybersecurity infrastructure to protect against this new and amplified level of threat.

Against this increased risk, this month the High Court has given a small glimmer of hope to those targeted by ruling that there is the potential for corporations to recover certain ransom payments made.

Ransomware: the modern threat to manufacturing

Ransomware remains among one of the most pervasive malware variants and is one of the biggest modern threats to the manufacturing industry. It has the potential to result in billions of pounds worth of lost production time and ransom pay-outs.

Over the last 18 months, the manufacturing industry has been the target of an unprecedented number of coordinated ransomware attacks, some through organised criminal syndicates, and remains the second largest focus for cyber attacks out of all industries.

Only last week, Brussels-based manufacturer Picanol announced that a team of hackers demanded an unspecified ransom payment after shutting down their textile-weaving operations. The attack resulted in the suspension of the company’s listing on the Brussels stock exchange and brought Picanol’s global operations to a standstill.

The scope of the threat

Picanol is not alone. Attacks occur across the manufacturing industry and are not confined to one particular sector or jurisdiction, although the majority of the more recent attacks seem to originate in continental Europe.

During the recent WannaCry/NotPetya ransomware campaigns, numerous manufacturers reported losing hundreds of millions of pounds in damage. Victims included Merck (pharmaceuticals), Nissan / Renault (automobiles), TSMC (mobile phone parts) and Mondelez (food & beverage). In 2019, manufacturing giants such as Norsk Hydro (aluminium), Aebi Schmidt (vehicles) and ASCO (aircraft parts) were targeted by ransomware attacks.

Vulnerabilities for manufacturers

Whilst most sectors of the manufacturing industry continue to take proactive steps to stay ahead of the curve in terms of product innovation and tech, much of the existing framework is not supported by commensurately robust cybersecurity and will require a wholesale industry re-evaluation in light of the rapid evolution of cyber threats.

The global footprint and employee count of most manufacturers makes them a relatively easy target for hackers, as advanced ransomware requires the mistake of only one employee to penetrate a firm’s global network.

It is critical that manufacturers take proactive steps in preventing/mitigating cyber breaches. Steps include:

  • Patching operating systems and user applications
  • Implementing rigorous data-sharing standards
  • Utilizing multiple servers/networks
  • Harmonising international software and cybersecurity standards
  • Creating a robust strategy in the event of an attack.

Taking these steps will reduce the odds, territorial scope and longevity of a potential attack and send a clear message to hackers that manufacturers are no longer sitting ducks.

Direction of travel?

On 17 January 2020, a High Court decision involving cryptocurrency exchange Bitfinex and an unnamed firm targeted by ransomware hackers confirmed that there is potential for corporations to recover payments made via traceable cryptocurrencies through equitable remedies (injunctions/specific performance) granted by the courts (AA v Bitfinex [17.01.20]).

Though this is not the court’s way of endorsing ransom pay-outs, this is encouraging news for any manufacturer(s) who may become the victim of a ransomware attack where the ransom is paid to a traceable third-party cryptocurrency wallet.

Related items: