By: Andy Ng, Vice President and Managing Director, Asia South and Pacific Region, Veritas Technologies
The ransomware attack on global meat processing company, JBS, has given us yet another glimpse into the pernicious world of ransomware where cybercriminals eye an easy payday by going after big organisations in the supply chain. According to reports, the JBS attack was caused by the execution of ransomware in their network which has since been attributed to REvil, a notorious hacker gang who has made some of the largest ransomware demands in recent months.
Supply chain – an increasingly vulnerable target
The ransomware attacks, first, on the oil industry as illustrated by the recent Colonial Pipeline saga, and now the meat processing industry, not only resulted in major financial damages, but also disruption to essential services.
The truth of digital transformation is that we are all much more vulnerable than we used to be. The more that essential-service providers such as hospitals, transport operators, fuel suppliers or food companies rely on data, the greater the impact that hackers can have by interfering with it. According to Veritas’ Ransomware Resiliency Report, 61% of utilities companies who have experienced an attack have paid at least part of the ransom – that compares with just 44% for the publishing industry but goes up to 79% for the healthcare sector.
Asia Pacific is a key linchpin for the global supply chain and is especially susceptible to increasingly sophisticated ransomware attacks. As companies adapt to remote working and a more distributed business environment, it is critical to establish and maintain a rigorous security strategy to better protect their valuable data assets.
It never pays to pay for ransomware
The recent attacks show how the ransomware community has shifted from targeting data-rich companies such as retailers and banks to disrupting the ability of ordinary people to access critical services and goods.
This raises serious concerns for businesses and governments alike, as ransomware has evolved from a financial exploit to a national security threat.
While many experts and authorities have long recommended victims not to pay their attackers, many businesses continue to do so, to mitigate any further risks. In Singapore alone, a staggering 72% of organisations that suffered from ransomware attacks either paid the ransom in full or in part.
The tough decision to pay or not to pay ultimately lies with the ransomware victims. JBS made the decision to pay $11 million in bitcoin to mitigate any unforeseen issues and prevent any potential risk for their customers.
While businesses and organisations are often caught in a fix, it is critical for them to note that paying up will only increase the propensity for future ransomware attacks on themselves and others, as the attackers have gained new motivation and financial resources.
Even if a business does regain access to data after making payment, there is really no guarantee that it has been unaltered. Similarly, we do not know if the copy of stolen data will be deleted even after the ransom is paid up, leaving the “payer” vulnerable to further exploitation. Take Colonial Pipeline for example – despite paying a hefty $5 million ransom, later partially recovered by the FBI, it was reported that the company ended up having to rebuild most data from their backups, as the decryption process was both slow and unreliable.
There is no question that ransomware attacks are ballooning in scale and complexity, with brazen criminals using their profits to unleash greater and more sophisticated ransomware wars with advanced tools and techniques.
A wake-up call
While it is impossible to become bulletproof against cyberattacks, the recent ransomware attacks simply prove that they are unlikely to be the last of its kind. When it comes to ransomware, the question is always when, and not if. Businesses must remain vigilant by adopting a proactive approach in protecting and backing up their data, regardless of where it resides, from the edge to the cloud. According to Veritas research, only 50% of respondents could claim that they have offline backups in place, despite the fact that those who do are more likely to be able to restore more than 90% of their data.
As the new remote work reality generates a surge in cyberattacks, organisations must be prepared for an eventual attack by backing up their data, scanning their networks and deploying strong encryption tools. To stay one step ahead of the game, it is imperative for businesses to keep up with the necessary investments by hardening backup platforms and deploying robust recovery measures to ensure data and applications can be restored quickly and seamlessly across business networks and operating systems – all before it is simply too late.