Ransomware attack in the energy and utilities sector

The exponential growth of IoT devices in the energy and utilities industry has significantly increased the focus on cybersecurity. In this context, the energy and utilities sector faces unique challenges compared to other industries.

According to McKinsey:

“In our experience working with utilities, we have observed three characteristics that make the sector particularly vulnerable to contemporary cyber threats. First, there are a greater number of threats and actors targeting utilities: nation-state actors seeking to cause security and economic dislocation, cybercriminals who understand the economic value this sector represents, and hacktivists who want to publicly register their opposition to utility projects or broad agendas. The second vulnerability is the growing and increasing attack surface of utilities, arising from their geographic and organizational complexity, including the decentralized nature of many organizations’ cybersecurity leadership. Finally, the power and gas sector’s unique interdependencies between physical and cyber infrastructure make companies vulnerable to exploitation, including billing fraud with wireless “smart meters,” the hijacking of operational technology (OT) systems to stop multiple wind turbines, and even destruction.”

Let’s look at a common and highly profitable type of attack that could affect energy and utility companies: ransomware.

What is ransomware?

It is exactly as the name suggests: the attacker withholds something valuable to the victim's business until a ransom is paid for its return. Simply put, ransomware is extortion.

The ransom is usually requested in cryptocurrency because of its anonymity and ease of online payment: the source and destination of the funds are hard to trace, a tactic cybercriminals rely on.

Knowingly infecting a system with ransomware and demanding payment to unlock it is a crime. Law enforcement agencies therefore recommend against paying the ransom. The reasoning is that a victim who pays will be identified as an easy target for further cybercrime, and the proceeds fund ransomware attacks against others.

Who is targeted by ransomware?

Cybercriminals look for the path of least resistance and attack companies that are easy targets. Ransomware is a business, and its perpetrators, like any business, are looking for a strong return on investment.

The COVID pandemic demonstrated that cybercriminals are ruthless, show no mercy and will attack the most essential types of organisations: schools, churches and hospitals. These cybercriminals follow current events, launch campaigns tied to what is in the news, and hope their targets will take the bait and open an infected file, browse an infected web page or click a malicious link.

No company is too small to be targeted by ransomware.

How does a company get infected with ransomware?

Just like in movies and TV shows, when a company is infected with ransomware, a screen pops up that says something like “Your files are locked. Send XXXX bitcoins to this address by a specific date. If you don’t pay, we will delete / release your files.” It may sound like something from a movie, but unfortunately this scenario plays out in companies all over the world every day.

So, how do you get infected with ransomware? It is fairly easy for a cybercriminal to break into a business. They can do so via:

– An email attachment in a phishing campaign, such as a PDF or Word document.

– An email link to a malicious website that, when clicked, infects your system.

– An infected website that can infect a device simply by being visited.

Seemingly innocuous tasks, such as opening an email, downloading an attachment or navigating to a website, can easily infect you with ransomware.

Why is ransomware used?

Ransomware is used because it works. Abruptly stopping your business is likely to be catastrophic: without access to your digital assets and systems, your business cannot move forward, and cybercriminals know this.

The ROI of ransomware makes the attacks worthwhile for the cybercriminal. Most companies pay the ransom to avoid total business disruption.

Some simple ways to protect your business from ransomware attacks include:

– Email management: ransomware is distributed primarily by phishing. Use a tool or service to prevent phishing.

– Patch management: ransomware exploits known vulnerabilities in common software, such as productivity applications, to gain entry. Make sure the software you use is up to date and still receives updates; software is constantly being patched.

– Anti-malware tools: deploy these tools throughout your company to proactively scan for malware and prevent its installation on your systems.

– Backups: use the 3-2-1 method for backups:

  3 – Keep three copies of your data: the original and two copies.

  2 – Use two different types of storage for the copies (this minimises the chance that a single failure affects all of them).

  1 – Keep one copy off-site: this protects against natural or site-level disasters.

– And … back up your most important assets daily.
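The 3-2-1 rule and the daily-backup requirement above can be turned into a check that runs against an inventory of backup copies. The following script is an added example and is not code from the original post or from redborder; the inventory records, site names and the 24-hour freshness limit are constructed assumptions for illustration.

```python
"""3-2-1 backup policy check (added example; all data below is constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class BackupCopy:
    label: str                # human-readable name of the copy
    medium: str               # storage type, e.g. "local-disk", "tape", "object-storage"
    site: str                 # where the copy physically lives (constructed names)
    offsite: bool             # True if the copy is outside the primary site
    last_completed: datetime  # when the copy was last successfully written


# Assumption: "back up daily" means no copy may be older than 24 hours.
MAX_AGE = timedelta(days=1)


def check_321(copies, now=None, max_age=MAX_AGE):
    """Return a list of policy violations; an empty list means the copies satisfy 3-2-1
    and the daily freshness requirement. The original counts as one of the three copies."""
    now = now or datetime.now(timezone.utc)
    findings = []

    # "3": at least three copies in total (original + two copies)
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies, need at least 3")

    # "2": the copies must span at least two different storage media
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"2: all copies share one medium ({', '.join(sorted(media))}), need at least 2")

    # "1": at least one copy must be off-site
    if not any(c.offsite for c in copies):
        findings.append("1: no off-site copy")

    # daily: flag any copy that has not completed within max_age
    stale = [c.label for c in copies if now - c.last_completed > max_age]
    if stale:
        findings.append(f"freshness: copies older than {max_age}: {', '.join(stale)}")

    return findings


# Fixed reference time so the example is reproducible (constructed).
NOW = datetime(2024, 1, 15, 8, 0, tzinfo=timezone.utc)

# Constructed inventory that satisfies the policy.
GOOD = [
    BackupCopy("primary file server", "local-disk", "plant-A", False, NOW - timedelta(hours=2)),
    BackupCopy("nightly tape set", "tape", "plant-A", False, NOW - timedelta(hours=10)),
    BackupCopy("replicated object store", "object-storage", "region-B", True, NOW - timedelta(hours=6)),
]

# Constructed inventory that violates every part of the rule.
BAD = [
    BackupCopy("primary file server", "local-disk", "plant-A", False, NOW - timedelta(hours=2)),
    BackupCopy("second disk in same rack", "local-disk", "plant-A", False, NOW - timedelta(days=3)),
]


if __name__ == "__main__":
    for name, inventory in (("GOOD", GOOD), ("BAD", BAD)):
        findings = check_321(inventory, now=NOW)
        print(f"{name}: {'compliant' if not findings else 'NOT compliant'}")
        for f in findings:
            print("  -", f)
```

Feeding the script the output of a real backup system (job name, target, completion time) is all that is needed to run it for real; the value of the check is that a second copy on the same disk in the same rack, which looks like redundancy, fails both the "2" and the "1" tests.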

Ransomware is clearly a reason for the utility and energy industries to take cybersecurity more seriously. It could mean the industry must create new roles to fill gaps in business risk and IT departments, drive additional compliance and regulatory requirements, and generally increase the budget allocated to cybersecurity.

If your company lacks cybersecurity expertise right now, consider adopting tools like redborder for active and secure protection.

About our cybersecurity solution

Redborder is a Big Data solution based on Open Source technologies for network visibility, data analysis and cybersecurity, fully scalable according to the needs of the network infrastructure of each company or Service Provider.
