Updated December 8, 2022.
On February 27, 2022, Bridgestone Americas, a subsidiary of one of the world’s largest tire manufacturers, started to investigate “a potential information security incident” detected in the early morning hours of that same day.
Details about the incident were not revealed until March 11, 2022, when the LockBit 2.0 ransomware gang claimed the attack, adding Bridgestone Americas to their list of victims. LockBit is now threatening to release “all available data” to the public unless Bridgestone Americas pays a ransom.
Although the ransom amount is unclear, LockBit is known to demand tens of millions of dollars from big companies, as was the case with Accenture.
Industrial Cybersecurity Attacks: A Growing Trend
With its lack of maturity in OT security defenses, the industrial sector has become an attractive target for both financially motivated ransomware attackers and actors linked to state-sponsored groups. Many organizations:
- Have limited visibility into their infrastructure
- Fail to properly segment network perimeters
- Host many devices with an external connection
- Share a large percentage of credentials between the enterprise network (IT) and the OT environment.
Most of these deficiencies are a result of OT networks having relied on air gaps in the past, with no need for dedicated security solutions. In a recent study performed by Armis and Computing Research, however, 39% of the respondents said that less than 20% of their OT device estate is still segregated from their main (IT) networks.
These factors lay the ground for successful attacks, allowing threat actors to pivot from the IT network into the OT segment, even if breaching the latter is not the main goal.
The Dilemma and High Cost of Ransomware
Paying ransoms to regain access to systems or data is a controversial decision, often made at the board level of organizations. According to an IDC survey from August 2021, “only 13% of companies reported experiencing a ransomware intrusion and not paying a ransom,” with an average payout of almost $250,000. Some high-profile examples of companies that made large payouts in recent years include:
- Colonial Pipeline: $4.4 million (U.S. law enforcement officials eventually recovered $2.3 million)
- German chemical distribution company Brenntag: $4.4 million
- CNA Financial (one of the largest insurance companies): $40 million
- JBS: $11 million.
The FBI and Department of Homeland Security recommend avoiding paying ransoms and reporting the case to the U.S. government. There’s no guarantee that the intruders will hold up their end of the bargain. In addition, lucrative payouts only encourage more criminals to attempt ransomware crimes.
Learn more about the challenges of securing all devices in OT environments. Read our OT-IT Convergence Playbook.
Roadmap to Preventing Ransomware Breaches
According to Gartner research, more than 90% of ransomware attacks are preventable. At a high level, you can better protect your organization from cybercrime by taking the following four steps:
1. Get Comprehensive Visibility Into Your Network
The first step to protecting your organization from manufacturing ransomware attacks is eliminating your blind spots. The challenge is gaining complete visibility of every managed and unmanaged cyber asset to know what devices are on your networks and what vulnerabilities are associated with them.
2. Deploy a Threat Detection Tool
Knowing how a device in your environment is supposed to behave can help prevent attacks. If a device is behaving abnormally, you can stop the spread of infection. Continuous network and asset monitoring is key. A full risk assessment that identifies all threats, along with a mitigation plan, is also essential.
3. Follow Industry Best Practices
To improve their cybersecurity posture, organizations should follow frameworks such as the Center for Internet Security’s CIS Controls. CIS Control 10, for example, focuses on malware defenses. Other best practices include multi-factor authentication, network segmentation, and Zero Trust policies.
Read our white paper to understand how Armis provides coverage for CIS Controls.
4. Build an Incident Response Plan
It’s crucial to have a strategy to help mitigate, respond to, and recover from cyberattacks. Ransomware is a federal crime, and organizations are encouraged to report incidents to law enforcement, such as the FBI or Secret Service.
Armis is Here to Help
Armis can detect cyber threats—including ransomware attacks—in real time. Our platform identifies both initial access to the network and lateral movement. Armis can also detect vulnerable assets, and assets that have been compromised by ransomware, to help you mitigate threats through isolation or the implementation of other controls.
Benefits of the Armis platform include:
- Complete inventory of all hardware and software in your network, including an overview of the vulnerabilities associated with them.
- Continuous monitoring and analysis of asset behavior with alerts for abnormal or potentially malicious activity or behavior.
- Real-time threat detection to immediately identify attacks, initial access, and subsequent lateral movement.
- Automated orchestration to help you proactively prevent an attack. Breaking command and control is the first step when you detect suspicious or malicious activity.
The Armis platform does all this without the need for disruptive scans or agents. Book a demo to learn more.