The Growing Ransomware Economy and How To Defend Against It
Written by Melinda Corley, Product Marketing Manager, AVEVA
Last year, Ransomware payments reached a billion dollars – an increase of over 4,000% from the previous year. We learned in Carbon Black’s recent report on the ransomware economy that those staggering numbers may only represent the tip of the iceberg.
The paper shows evidence of a 2,502 percent increase in ransomware software sales this year over last year’s, and estimates that there may be 6,300 marketplaces where ransomware can be bought and sold. This may represent roughly $6.2 million in sales for the burgeoning ransomware economy.
While early ransomware attacks mostly targeted hospitals, airlines, and service industries like hotels, there are growing concerns that the software will be turned more often to critical infrastructure and manufacturing where downtime could damage equipment or put lives at risk. The WannaCry ransomware virus notoriously hit everything from gas companies to automotive manufacturers.
What Can Industry Do?
The best way to avoid ransomware is to practice good cybersecurity habits and enforce them. This means gaps and firewalls between control and IT networks, and good company policy that prevents operators from clicking suspect links or visiting dangerous websites on company machines. It means protecting the system from personal mobile devices, and ensuring that patches and software updates are installed regularly.
However, in the event that you are breached with ransomware, frequent backups may help provide a contingency plan. Backups that can be uploaded automatically to the cloud will help prevent ransomware from infecting local shared network drives. Any hard drives or computers used for backups should be connected only when backing up information and then disconnected when it is complete. Multiple forms of backups will help ensure that reports, records, recipes, and other process data are available in the event that operators are locked out of the system.
AVEVA Edge offers multiple ways to ensure you can still access your process with thin clients. The Secure Viewer Thin Client might prove a good solution for safely accessing your SCADA or HMI on a ‘clean’ machine. Using the Studio Mobile Access client would also allow operators to access machines via web browsers that support HTML5.
If an infection occurs, it’s also important to have protocols in place that will allow you to disconnect infected computers to prevent the infection from spreading to the entire network.