Large, sophisticated corporations and government agencies have been mercilessly attacked by ransomware. Here is a look at some that have been hit around the world.
Ransomware attacks have become increasingly prevalent throughout the world. At one time, only small companies were the only ones at risk. This may be because they were not savvy about the real dangers, and didn’t put cyber security in place. Now, even large, sophisticated corporations and government agencies have been mercilessly attacked. Here is a look at some of the firms and agencies that have been hit around the world.
Russia’s Largest Oil Company
In 2016, Russia’s largest oil company, with a majority owned by the Russian State, was named the 51st largest corporation in the world. Sales are estimated at over $64 billion annually.
On June 27, 2017, this company disclosed that it had been hit by the most recent ransomware attack, said to closely resemble the devastating “Wannacry” attack that was carried out just last May of 2017. With that much sales in jeopardy, the Russian oil company probably does wanna cry. A Russian-based cyber security firm estimated that roughly eighty companies in Russian and Ukraine were affected. However, the damage wasn’t limited to Eastern Europe, as seen by the following other companies that were affected.
Corporate Snack Brand
A corporate giant and traded stock company that owns famous snack brands was forced to take its systems offline in response to a “serious global cyber incident.” It’s likely that the perpetrators of this were not just having a “snack attack,” but are in hot pursuit of something far darker than the darkest chocolate.
Global Pharmaceutical Firm
One of the world-renowned pharmaceutical firms that are worth untold billion was also hit by a ransomware attack. Corporate executives announced Tuesday that their firm, too, had been somehow breached by this latest attack. Unlike a pharmacy break-in, a lot more than prescription drugs are at stake.
Global Shipping Company
One of the subsidiaries of a global shipping company was another victim of the latest ransomware attack on June 27, 2017. The subsidiary’s deliveries were disrupted, leaving over 200 countries affected by undelivered packages.
What is Ransomware?
Ransomware is malicious code that holds company files and data hostage until a certain sum of money is paid to the perpetrator. Just like in a real world ransom scenario, the “goods” won’t be handed back until the ransom is given over. Also as in real world ransom scenarios, there’s a risk that the “goods,” or the data in the case of ransomware, will be harmed while in possession of the “kidnappers.”
When the extorted party gets the files back, there is no way of telling what other kinds of breaches have occurred. Since there are usually billions or more lines of code, it would be nearly impossible to tell if the files were infected with spyware, or some other kind of future ransomware virus, ready to defer to a date in the future.
Another risk with the ransomware scenario is that the files won’t actually be returned, even after the money is paid. In the case of the recent attack, logic would seem like the perpetrators would return the files. If one company paid and didn’t get their date back, word would quickly spread and other companies wouldn’t pay the ransom. For that reason, in many ways, it behooves the hackers to return the files in the same condition in which they stole them; however, the “operating code” of hackers is obviously not ethically bound.One thing is sure. If any of these companies do end up paying the ransom, it won’t be widely reported in the press, if at all. It’s unlikely that a giant corporation would want to admit that it a) hadn’t backed up its systems, and b) went against all professional advice to not pay, and c) paid out millions to criminals.
Will Major Firms Pay the Ransom?
Whenever something is taken for ransom – be it a person, property or, as in this case, digital data – authorities strongly advise against paying the ransom. Paying ransom does perpetuate the problem. When hackers see that they can steal data and profit by it, they are thus encouraged to rinse and repeat. The prevailing advice is that corporations back up their data, plug holes and monitor for suspicious activity. But this is like telling someone who just had their wallet stolen that to get their wallet back they should put extra money someplace else, hide their wallet and look out for suspicious characters lurking in alleyways. That advice doesn’t actually help get the wallet back. Basically, if a large corporation hadn’t taken those precautionary steps before the ransomware attack, and the lost data would put them out of business, they are going to pay the ransom. Hackers know this, and that’s why ransomware works.
The Only Answer is in Prevention
The only solution to a ransomware attack is to live and learn and spread the word. The more willing these corporations are to admit that they got hit, the better prepared other companies are likely to be. While it’s embarrassing for a giant pharmaceutical firm to admit that they were fooled, it’s ultimately better for the rest of us to learn that even the big guys are not infallible to cyber threats.
Prevention measures must include redundancy, as a number one priority. That one step would, 1) prevent the loss of critical operating data, and 2) enable overwriting of any malicious code that might have been introduced into the data while it was in the hands of the hackers. Backing up files so there is a minimum of one extra copy is good. Two backups is even better.
The next prevention measure involves making sure virus software is up to date with plug-ins. Literally, the company’s IT department should be checking daily, if not hourly to install available updates that are designed to plug security holes.
Finally, monitoring activity must be done continually. These ransomware attacks leave prints, and they are detectable by watchful IT experts. If vigilance is practiced, future attacks could be kept to a minimum, or even prevented.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.