With ransomware attacks on high profile businesses like Colonial Pipeline and JBS Foods in the headlines, construction managers at organizations of all sizes are increasingly asking, “Are we vulnerable too?” or even “Are we next?”
According to the U.S. Cybersecurity & Infrastructure Security Agency, “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”
Although there are various measures that construction businesses can take to reduce the risk of becoming a ransomware victim—which can involve a loss of data and production for an indefinite period until it is resolved—managers shaken by the scope of the problem are increasingly turning to expert third party cybersecurity firms for guidance and protection.
Any Construction Business a Potential Victim
When Colonial Pipeline was targeted by the DarkSide gang in a ransomware attack this April, it disrupted gas supplies along the U.S. East Coast, causing widespread shortages in multiple states. Colonial Pipeline paid $4.4 million dollars in bitcoin to release their billing system and internal business network, although U.S. law enforcement later recovered much of the payment.
JBS Foods, one of the world’s largest meat processing companies, suffered a ransomware attack this May and paid an $11 million ransom. The Russia-based hacking group REvil is suspected to be behind the attack.
Global ransomware damage costs are predicted to hit $20 billion in 2021, up from $11.5 billion in 2019, $5 billion in 2017, and just $325 million in 2015, according to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac.
Cybersecurity Ventures, the world’s leading researcher and a trusted source for cybersecurity facts, figures, and statistics, expects that businesses will fall victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019, and every 40 seconds in 2016.
Concern over the danger to businesses has even risen to the international stage. NPR reports that at a recent summit in Geneva, “President Biden called on Russian President Vladimir Putin to crack down on cybercrimes. But the Russian leader has shown little interest in combatting an emerging criminal industry in his country that's called ‘ransomware-as-a-service.’”
In the battle against ransomware, the challenge is that essentially any construction business with older PCs, networks, firewalls, or operating systems is vulnerable, particularly those that do not immediately update to the latest software to “patch” security issues, according to Yuriy Tatarintsev, manager, Technical Operations at BTI Communications Group, an IT cybersecurity and technology convergence provider that services clients nationwide.
Safeguarding Construction Businesses of All Sizes
While keeping the entire construction business’s IT infrastructure and software fully up to date is the goal, even one PC running an older, unsupported version of Windows, for instance, can be “a chink in the defensive armor that invites intrusion,” says Tatarintsev.
So, the fight against ransomware begins with having a companywide process to ensure that all machines are patched with the latest security updates from Microsoft and other applications as soon as they are released.
Next, defending critical construction business processes from attack goes beyond simple anti-virus protection that solely reacts to known threats, and that leaves operations vulnerable to yet unidentified risks.
“We recommend a new generation of advanced antivirus software that does not always depend on identifying known threats or ‘signatures.’ Instead, such software uses artificial intelligence to analyze which PC programs and processes are affected and as soon as malicious activity is detected, stops it,” explains Tatarintsev.
According to Tatarintsev, email security is also of critical importance today because insufficient precaution in this area is perhaps the leading cause of companies getting ensnared in ransomware.
“Statistically most construction companies acquire ransomware when an employee receives a suspicious email that seems legitimate and clicks on an embedded link. This starts the ransomware attack, which then spreads throughout the company network,” says Tatarintsev.
To protect against this hazard, Tatarintsev recommends that construction businesses use advanced email spam protection tools that offer significantly more defensive capability than earlier, more rudimentary options.
“The advanced tools not only filter out all potentially malicious emails, but also stop users from going to dangerous website destinations by clicking on links that could start a ransomware attack,” he says. He explains that the tools rewrite all the embedded link Uniform Resource Locators. So, if a user clicks a URL in an email, instead of linking to a potentially dangerous website, he or she is redirected to a safe location or ‘sandbox.’ The URL is analyzed to determine if it is dangerous, and if it is safe the user is allowed to go to the original website destination.
Since deceptive “phishing” emails designed to start a ransomware attack can appear so similar to authentic emails, Tatarintsev advises that all construction employees receive periodic security awareness training. This not only teaches employees how to distinguish the latest potentially dangerous emails, but also sends safe, simulated phishing emails to test their responses on an as needed basis. Employees who fail the test are given additional training, so they will not compromise the business when an actual phishing email-ransomware assault occurs.
If all these defenses fail and ransomware does infect and shut down a construction company’s IT network, a reliable back up system should be in place that can quickly restore all critical data.
“If a business’s vital server data is encrypted by ransomware, with a good backup solution data can be restored from the backup,” says Tatarintsev. He notes, however, that some data will be lost, depending on the frequency of backup. Unless these are virtually continuous, a day or even a week or more of current data could be lost.
Moreover, care must be taken as to how data is transferred and saved, so ransomware does not have access to storage sites connected to company networks.
While construction businesses can attempt to fight the growing scourge of ransomware in-house, most IT departments do not have the time, resources, or expertise available to deter the constantly evolving threat on a 24/7 basis.
As an alternative, an increasing number of construction businesses are cost-effectively protecting against ransomware by outsourcing to professional, third-party firms like BTI Communications Group that remotely and continually provide layers of protection with a comprehensive, integrated IT approach.
This strategy can continually deter and detect threats as well as resolve vulnerabilities. Additionally, this eliminates the need to dedicate internal IT staff to these types of tasks. It also minimizes potential loss and even liability if serious harm were to be caused by disrupted company services.
However, even outsourced IT solutions and services are at risk of ransomware attacks and so must be prepared with advanced monitoring and prevention tools. On the weekend of July 3, 2021, Russia-linked hackers were suspected of a mass ransomware attack on Kaseya, a company that provides IT management software. The hackers demanded $70 million.
According to Tatarintsev, the first and primary goal of a third-party, integrated IT service is to deliver the foremost level of technical quality that can be delivered reliably for a client’s budget.
“We emphasize the quality and reliability aspects. Where cybersecurity is concerned, any other approach, no matter how seemingly cost beneficial, can be fatal. By putting quality first before short term economic advantage from cheaper tools, we and our clients end up winning in the end,” says Tatarintsev.
For this reason, only carefully selected software tools and technical solutions should be utilized to ensure its clients are always operating in a high-performance, reliable, and secure IT environment.