BLOG

Here we share our expertise, learnings and news

MORE BLOG POSTS

Ransomware

Under how much THREAT is industrial security and how are companies defending themselves?

CONTENT

Nine out of ten companies are affected by cyber-attacks. More than a third of these attacks are carried out by ransomware. (Bitkom Research 2021 / X-Force Threat Intelligence Index, IBM, 2022)

For attackers, manufacturing companies are the most interesting victims today as they are a very lucrative target: availability is the highest asset for these companies – the longer a production stands still, the bigger the loss of revenue. The strong suffering creates a high chance for attackers to quickly obtain ransom.

In this blog, we would like to educate manufacturing companies about the topic of ransomware and provide tips on how to prepare for the worst-case scenario, an attack. Because the question is no longer IF an attack will take place, but WHEN it will take place.

Ransomware …

  • refers to malicious programs (malware) that restrict or prevent access to data and systems.
  • is based on the principle that release only occurs against payment of a ransom.
  • attacks the security objective of availability in the form of malware that encrypts data.
  • is a type of digital extortion.
  • often results not only in a ransom demand, but also in the threat to release sensitive data.

How do I recognize ransomware?

In order to be able to react immediately with countermeasures in the event of an attack and thus keep the damage to a minimum, it is helpful if you and your employees are able to recognize an attack as such as quickly as possible. To do this, it is important that you and your team know the indicators of an attack.

With the exercise below from one of our cybersecurity trainings, you can playfully learn which activities and changes can come from a ransomware attack. Try to match where the indicators occur – with employees or administrators:

How do I proceed in the event of an attack?

You or your employees have detected an attack. That’s good. But what next?

The VDMA (Verband Deutscher Maschinen- und Anlagenbau) has published an emergency guide to ransomware attacks. The measures in this guide serve 3 core objectives that you should always keep in mind:

  1. damage control
  2. finding and closing the infection vector
  3. setting up the systems and restoring the data

Here is a brief summary of the measures you should take as soon as you have noticed an attack:

  • 1. Take first quick measures
  • Remain calm and act in a considered manner.
  • Time-stamp all activities, who was responsible, and what happened.
  • Take a picture of the ransom note, note the device and time.
  • 2. Act professionally and proactively
  • Communicate openly and professionally, both externally and internally.
  • Establish a crisis team to coordinate and de-escalate all activities.
  • Decide whether a forensic investigation should be conducted by an expert.
  • File police criminal charges to identify and convict the perpetrator.
  • 3. Initiate emergency steps on the device.
  • Do not log in with admin privileges as your network may be monitored.
  • Disconnect the network connections.
  • Put the device into hibernation mode to preserve memory.
  • 4. Take emergency steps on the network
  • Disconnect all network connections and turn off wireless networks.
  • Turn off client remote access points.
  • Disconnect IT endpoints from the network.
  • Use log files and metadata to identify affected systems.
  • 5. Be careful with core systems, file servers, and databases
  • Protect core systems by isolating them.
  • Prevent or restrict user access to mission-critical systems.
  • Identify the user with the most open files.
  • Block write access to files for all users.

You may be thinking: Why all the effort? Who can tell me that the countermeasures will be successful, and production can continue? The measures will incur costs anyway, so why not just pay the ransom?

There are some cons against paying the ransom:

  • The probability of another attack increases because your company will be seen as easy prey.
  • You finance the further development of the malware and encourage its spread.
  • You motivate the attacker to attack other companies.
  • You have no guarantee that the decryption will work or that the leaked data will really be deleted.

Now you know how to quickly detect an attack and what actions you should take if you were attacked. But it is still best if

  1. an attack does not happen at all or
  2. your company and your employees are so well prepared for an attack that that only very little damage can be done to your production.

We have listed what you can do about this in advance in a white paper.

White Paper
INDUSTRIAL SECURITY THREAT RANSOMWARE

DOWNLOAD FOR FREE

OR you take the initiative now and train your employees in a company-specific training and prepare them practically for the “what-if scenario”.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Don't miss a thing

Subscribe to our newsletter and get the latest news on events, programs and more!

We're committed to your privacy. University4Industry uses the information you provide to us to contact you about our relevant content, projects, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

More of this topic

About us

How we work

Team

Career

Additional Offerings

Industrial IoT & Connectivity

IT & OT Security

Blockchain

Conversational AI Design

Your Coding Camp

Your Software Developer Onboarding

Self-Service E-Learning

LEGAL

Imprint

Cookie Banner

Privacy Policy

Disclaimer

follow us

Follow us on social media to get all our latest updates.

Linkedin Facebook Twitter Youtube Instagram

Listen to our Podcast
 DIGITAL4LEADERS

Spotify Podcast

© 2024 Education4Industry GmbH

EXCLUSIVE INSIGHTS: STATUS QUO BLENDED LEARNING - DOWNLOAD FOR FREE
WHITE PAPER: INDUSTRIAL SECURITY THREAT RANSOMWARE - DOWNLOAD FOR FREE
INFOGRAPHIC: DIGITALIZATION, DECARBONIZATION, DEMOGRAPHIC CHANGE - DOWNLOAD FOR FREE

WHITE PAPER
INDUSTRIAL SECURITY THREAT RANSOMWARE: WHAT CAN YOU DO NOW?

Free Checklist

Almost every day, well-known companies find themselves in the headlines because they have been the victim of a cyberattack. For a long time now, security training and the development of measures have no longer been about the question of whether one will be affected, but when and to what extent. However, this does not mean that manufacturing companies should just sit and wait until the time comes. In this paper, we have listed what companies can do in advance to delay attacks and be as resilient as possible to attacks.

Sign up now to learn what you can do ALREADY to prepare best for a possible ransomware attack.

After you filled out the form, you will receive an email from us with the free white paper. Please check your spam folder in case your message got stuck there. Please

Schedule an appointment now

Would you like to learn more about our approach?

Have a conversation with one of our experts
about how we as your partner could support you.

By entering your email address, you will accept our privacy policy and receive a confirmation email. Through this email, you have the chance to subscribe to our regular updates. Without your permission, you will not receive our newsletter.

Jetzt Termin vereinbaren

Sie möchten mehr über unseren Ansatz erfahren?

Sprechen Sie mit einen unserer Expert*innen,
wie wir Sie als Partner am besten unterstützen dürfen.

Wenn Sie Ihre E-Mail-Adresse eingeben, akzeptieren Sie unsere Datenschutzbestimmungen und erhalten eine Bestätigungs-E-Mail. Mit dieser E-Mail haben Sie die Möglichkeit, unsere regelmäßigen Updates zu abonnieren. Ohne Ihre Zustimmung werden Sie unseren Newsletter nicht erhalten.