Ransomware is a form of malware that locks or encrypts data until a ransom is paid, which can give the victim access to their files again. This type of malware has increased in recent years and we have seen a number of examples in the media of companies being attacked. But what can be the effects when you are hit by a ransomware attack? And what can you do to minimize the consequences? We will go through some cases of ransomware attacks and what effects they had in this blog post.

Ransomware: Definition, Features and Security Tips

Ransomware is a type of malware that infects the victim's system. Malware encrypts data so that the systems cannot be used and the files cannot be opened by the user. In the case of ransomware, the attackers demand a ransom in exchange for unlocking the systems and decrypting the data again – however, there is no guarantee that the attackers will keep their promises.

Vestas data leak

In November 2021, Danish wind turbine manufacturer Vestas was hit by a ransomware attack. The attack forced the company to shut down parts of its IT systems to ensure the attack did not spread. Fortunately, they were able to continue operations – something that could cause major financial losses if not possible during an attack.

Advertisement

However, it was later revealed that information had been stolen during the attack – around 7,000 documents. Some of the stolen data was published and contained personally identifiable information (PII) such as names, addresses, but also banking details and social security numbers.

The biggest impact of this ransomware attack was the publication of stolen data. Even if you manage to get your IT systems up and running after an attack, the attackers may have stolen or modified the data. In this case, they may offer a ransom to return the data or to promise not to publish/sell it online.

Lockdown of important IT systems in Kalix municipality

Kalix municipality in Sweden was also the target of a ransomware attack in December 2021. The attack shut down IT systems for, among other things, payment and email, as well as heating and ventilation of a quarter of the municipality's facilities. Many functions were also knocked out, such as health centers being unable to access digital medical records and medication lists.

The effects of the ransomware attack differed from the Vestas case, as Kalix Municipality had problems with shut down systems, which affected social functions in society, rather than stolen and leaked data. This situation can be compared to the major attack on Coop in July 2021. 800 Coop stores were forced to close for several days due to a IT attack which shut down their payment system. The attack was part of a larger global attack targeting the American software company Kaseya.

What can you do to reduce the consequences of a ransomware attack?

Secure IT/OT integration

It is difficult to guarantee that no malicious content can enter your IT network. But what is important is that your most sensitive and important information is protected, or that your business can continue despite an ongoing attack on your IT network and systems. By creating a secure IT/OT integration, you ensure that your OT systems are protected during a ransomware attack. Historically, OT systems were often completely stand-alone. However, the need to connect OT to other systems has grown in pace with the digitalization of society. IT and OT are therefore interconnected and similar technologies are often used within IT and OT. The different needs within IT and OT can easily lead to challenging technical conflicts. Read more about secure IT/OT integration!

Physical separation of IT and OT through zoning

Separating IT and OT into separate segments helps to avoid vulnerabilities or disruptions in IT affecting OT. To avoid risks resulting from errors in configuration or operation, physical segmentation (zoning) should be used. This means using separate hardware for IT and OT.

Read more about how to create safe zoning!

Use data diodes at the zone boundary for data flows from OT

The most secure way to connect a privacy-sensitive data network to other systems is to use data diodes. All data flows from OT that can be handled with data diodes involve a simplified security analysis, simply because a data diode is so secure and easy to analyze. Or, more accurately, because it has such high security.

Read more about IT/OT integration!

Sanitize files before transfer or import

It is important to ensure that you sanitize files before importing them into your network or system, to minimize the risk of importing malicious content.

Advenica’s File Security Screener is a Cross Domain Solution that ensures the separation of connected networks combined with effective and automated malware countermeasures. The solution uses multi-scanning – an advanced threat detection and prevention technology that increases detection speed, reduces time to outbreak detection and provides resilience to malware vendor issues. It enables data import into secure, isolated networks without compromising security. This is done through Advenica’s custom-built data diodes that ensure separation between different import sources.

Would you like to know more about how we can help you with your cybersecurity?

Read more about how you can protect yourself against cyberattacks!