Bluestreak Reading Time: 4 minutes
Ransomware Facts, Threats, and Countermeasures
Ransomware is a type of malware cyber criminals use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.
Don't be a Victim of Ransomware-Your Files are Encrypted!
To mitigate the ever-looming threat of ransomware, it is paramount to proactively secure networks and systems. Initiating a well-defined Incident Response Plan lays the groundwork for timely and effective actions in case of breaches. The importance of regular backups cannot be overstated; they must be performed consistently and stored on separate devices, ensuring data integrity even if the primary systems are compromised. Leveraging robust antivirus software provides an essential defense layer against malicious payloads. Additionally, staying vigilant about keeping all system patches up-to-date eliminates vulnerabilities that ransomware might exploit. Wherever feasible, internet access should be restricted to minimize exposure points. Adhering to the principles of least privilege ensures that only the necessary and minimal access rights are granted to users, thus reducing potential damage avenues. Lastly, it's vital to comprehensively vet and continuously monitor all third-party providers, ensuring that their security standards are on par with the organization's, as these can often become unintentional gateways for attacks.
Ransomware attacks have become increasingly common, targeting companies, municipalities, and institutions of all sizes around the world. Paying ransoms can be controversial, as doing so may incentivize cybercriminals.
It's important to note that not all ransom payments result in the safe return of data or the restoration of systems. Some organizations pay and still face prolonged disruptions or find that their data has been permanently damaged or sold. Consequently, many experts advise against paying ransoms and recommend focusing on prevention, backup strategies, and post-incident response plans.
Here are a few real-life instances where organizations have paid ransoms in response to cybersecurity attacks:
Colonial Pipeline (2021)
Victim: The largest fuel pipeline in the US.
Ransom Amount: $4.4 million in Bitcoin.
Outcome: The U.S. Department of Justice later recovered a portion of the ransom payment. The attack disrupted fuel supplies on the East Coast for several days.
Victim: GPS technology and wearable device manufacturer.
Ransom Amount: The exact amount is not publicly disclosed, but reports suggest it could be up to $10 million.
Outcome: The company experienced a multi-day outage affecting its online services, aviation databases, and customer support.
Victim: A foreign currency exchange company.
Ransom Amount: Reportedly around $2.3 million.
Outcome: The ransomware incident led to a prolonged outage of the company's services, impacting both its online and in-store systems.
Hollywood Presbyterian Medical Center (2016)
Victim: A hospital based in Los Angeles, California.
Ransom Amount: $17,000 in Bitcoin.
Outcome: The hospital's computer systems were down for more than a week, affecting patient care and day-to-day operations.
Lake City, Florida (2019)
Victim: Local government of Lake City.
Ransom Amount: Approximately $460,000 in Bitcoin.
Outcome: The city's insurer paid the ransom, but the attack disrupted email systems and hindered public services.
University of California, San Francisco (2020)
Victim: One of the leading universities and health centers in the US.
Ransom Amount: Over $1 million.
Outcome: While the attack didn’t affect patient care, it did compromise important research data, prompting the university to pay to prevent its loss.
Similar to combating various malware types, meticulous measures combined with top-notch security software are crucial in fighting ransomware but if you become a victim of a ransomware attack despite these preventive and protective measures, you can find more information here on how to get rid of the malicious software.
About the Author
Joe Coleman is the cybersecurity officer at Bluestreak Consulting™, a division of Bluestreak | Bright AM™, and a regular editorial contributor for several trade publications providing technology, tips, and news for manufacturers. Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, a career as a machinist, a machining manager, and an early additive manufacturing (AM) pioneer. Contact Joe directly at email@example.com.
About Bluestreak™ Bluestreak™ is a powerful Manufacturing Execution System (MES) and a fully integrated Quality Management System (QMS), designed for the manufacturing environment and service-based manufacturing companies ( metal-treating/powder-coating, plating, heat-treating, forging, and metal-finishing), businesses that receive customers’ parts, perform a process (service) on them, and send those parts back to the customer). Companies need MES software tailored to specific functionality and workflow needs such as industry-specific specifications management, intuitive scheduling control for both staff and machinery maintenance, and the ability to manage work orders and track real-time data. If different work centers on the production floor aren’t “speaking” to each other via the MES, the data loses value and becomes disjointed or lost in disparate silos.
Bluestreak | Bright AM™ is an MES + QMS software solution specifically designed to manage and optimize the unique requirements of Additive Manufacturing’s production of parts and powder inventory usage.