June 14, 2019

Ransomware strikes again, this time shutting down operations of a major airplane parts manufacturer and risking the jobs of up to 1,500 people in four countries.

Belgium-based ASCO Industries has been severely hit by an attack that started last week.

The company’s four manufacturing plants in Belgium, Germany, the US, and Canada have been temporarily closed after its systems were shut down by the malware.

The incident has reportedly disrupted product deliveries to customers and impacted roughly 1,000 employees, who have been placed on temporary leave.

ASCO customers include Airbus, Boeing and US defence contractor Lockheed Martin, who will all likely see their supply chains and manufacturing timelines disrupted as a result.

It may well be that the company has said no to the blackmailers – and if that’s the case we applaud their bravery. But the attack highlights again how powerful and dangerous ransomware can be.

Breaches as a business killer

Why was ASCO targeted? Greed is the likely answer, though as part of the defence industry ecosystem there could well be political intent behind disrupting the operations of a key aerospace contractor.

Whatever the motivation, the attackers have made good on their threat.

  • Operations have ground to a halt
  • key business relationships have been jeopardised
  • People are out of work

And the full impact has yet to be felt. Imagine the devastating commercial damage should an Airbus or Boeing shift all or part of its business to an alternate supplier.

For now: over a thousand employees are now on extended layoff. Belgian employment law offers some compensation — workers will be able to claim temporary unemployment benefits — but not at 100% of current salary.

The knock-on effects of personal and financial stress, and disruption to people’s lives, will take a different kind of toll.

All that damage, from just a little bit of code.

Technical and human exploits

ASCO was purchased by another company last year, and cybercriminals will often focus on organisations while they’re in mid-merger, looking to exploit weaknesses that occur while IT systems are being harmonised.

Even when technical exploits can’t be found, malware infections can be enabled by human error.

  • IBM says people-borne ‘insider threats’ are actually the bigger worry, accounting for 60 per cent of cyber attacks.
  • Freedom of Information requests sent to the UK Information Commissioner’s Office show that employee error caused nearly half of all breach incidents reported over the last three years.
  • According to the Ponemon Institute, security breaches caused by employees and contractors cost the average business as much as £6.9 million per year — more than twice the average cost of other breaches.

With their access to systems and facilities, insiders have the power to leak intellectual property, disrupt operations, damage company reputation, and expose sensitive information to third parties.

This can happen maliciously, or as happens in most cases – as a by-product of carelessly sharing passwords, clicking questionable email links, leaving USB sticks lying around, or being generally lax in observance of security policies.

Better training is key to tackling the intentional and unintentional types of insider threat, both to make staff aware of their own actions and sensitise them to signs of adverse behaviour in others.

Saying no to blackmail is great – but you need a backup plan

When it comes to ransomware, prevention is better than hoping for a cure.

Some organisations will opt to pay up – but that’s risky. One study suggests that fewer than 20 per cent of organisations who paid to have their files de-encrypted in the last two years actually got them back.

Company size and big IT budgets can’t fully protect any organisation. With breaches becoming a standard business risk, preparing for them needs to be part of standard business planning.

If you want to avoid having to decide between paying ransom or shutting down operations, we’d suggest the following:

  1. Have a full backup at the ready: Cleaning up infected hardware and re-populating information across systems will still take time, but you’ll know that you can continue operating with minimum disruption if a catastrophic infection occurs.
  2. Have a business continuity and recovery plan: Test your backups and be sure they work. Have a manual process for continuing key services. Run simulations to identify any weaknesses in the plan.
  3. Update. Update. Update: Install patches and operating system updates as soon as prompted.
  4. Implement security training: most malware infections find their way into systems off the back of a phishing campaign. Training employees to spot a phishing attack can be one of the most effective ways to keep ransomware out and data safe.

Cybersecurity is about people as much as technology. If you can raise visibility across the organisation of the security risks that can lead to ransomware infection, you also raise the bar for attackers.

An effective security awareness training program is one of the best ways to ensure that everyone in the organisation has an appropriate level of know-how about security – and takes on a level of personal responsibility.

It’s harder to breach an organisation when people are clear on company security policies, and empowered with the knowledge they need to spot an attack.

Want to learn more about empowering employees with security awareness training?  Sign up for a free demo and find out how we’re already helping organisations just like yours.

Share this: