Ransomware is a form of malware that locks or encrypts data until a ransom is paid, which can give the victim access to the files again. This type of malware has increased in recent years and we have seen a number of examples in the media of companies being attacked. But what can the effects be when you are hit by a ransomware attack? And what can be done to minimize the consequences? We will go through some cases of ransomware attacks and what effects they had in this blog post.
Ransomware: Definition, Features and Security Tips
Ransomware is a type of malware that infects the victim's system. Malware encrypts data so that the systems cannot be used and the files cannot be opened by the user. In the case of ransomware, the attackers demand a ransom in exchange for unlocking the systems and decrypting the data again – however, there is no guarantee that the attackers will keep their promises.
Vesta's data leak
In November 2021, the Danish wind power manufacturer Vestas was hit by a ransomware attack. The attack led to the company having to shut down parts of its IT systems to ensure that the attack did not spread. Fortunately, they were able to continue operations – something that can cause major financial losses if not possible during an attack.
However, it was later revealed that information had been stolen during the attack – around 7,000 documents. Some of them the stolen data was published and contained personally identifiable information (PII) such as names, addresses, but also bank details and social security numbers.
The biggest impact of this ransomware attack was the publication of stolen data. Even if you manage to get your IT systems up and running after an attack, the attackers may have stolen or altered data. In this case, they may offer a ransom to return the data or to promise not to publish/sell it online.
Locking of important IT systems in Kalix municipality
Kalix municipality in Sweden was also a target for one ransomware attack during December 2021. The attack shut down the IT systems for e.g. payment and mail as well as heating and ventilation of a quarter of the municipality's facilities. Many functions were also eliminated, such as healthcare centers not being able to access digital medical records and medication lists.
The effects of the ransomware attack differed from the Vestas case, as the municipality of Kalix had problems with down systems, which affected the social functions in society, rather than stolen and leaked data. This situation can be compared to the big attack on Coop in July 2021. 800 Coop stores were forced to close for several days due to a IT attack which shut down their payment system. The attack was part of a larger global attack targeting the US software company Kaseya.
What can you do to reduce the consequences of a ransomware attack?
Secure IT/OT integration
It is difficult to guarantee that no malicious content can enter your IT network. But what is important is that your most sensitive and important information is protected, or that your business can continue despite an ongoing attack on your IT network and systems. By creating a secure IT/OT integration, you ensure that your OT systems are protected during a ransomware attack. Historically, OT systems were often completely self-contained. However, the need to connect OT to other systems has grown pace with the digitization of society. IT and OT are therefore connected and similar technology is often used in IT and OT. The different needs within IT and OT can easily lead to challenging technical conflicts. read more about secure IT/OT integration!
Physical separation of IT and OT through zoning
Separating IT and OT into separate segments helps avoid vulnerabilities or disruptions in IT affecting OT. To avoid risks resulting from errors in configuration or function, physical segmentation (zoning) should be used. This means that separate hardware is used for IT and OT.
Read more about how to create one secure zoning!
Use data diodes in the zone boundary for data flows from OT
The most secure way to connect a privacy-sensitive data network to other systems is to use data diodes. Any data flow from OT that can be handled with data diodes means a simplified security analysis, simply because a data diode is so secure and easy to analyze. Or, more correctly, because it has such high security.
read more about IT/OT integration!
Sanitize files before transferring or importing
It is important to ensure that you sanitize files before importing them into your network or system, to minimize the risk of importing malicious content.
Advenicas File Security Screener is a Cross Domain Solution that ensures separation of connected networks combined with effective and automated malware countermeasures. The solution uses multi-scanning – an advanced threat detection and prevention technology that increases detection speed, reduces outbreak detection time and provides resilience to malware vendor issues. It enables the import of data into secure, isolated networks without compromising security. This is done through the custom built data diodes from Advenica which ensure separation between different import sources.
Do you want to know more about how we can help you with your cyber security?
Read more about how you can protect yourself from cyber attacks!
English 
Svenska