Updated December 8, 2022.
On February 27, 2022, Bridgestone Americas, a subsidiary of one of the world’s largest tire manufacturers, started to investigate “a potential information security incident” detected in the early morning hours of that same day.
Details about the incident were not revealed until March 11, 2022, when the LockBit 2.0 ransomware gang claimed the attack, adding Bridgestone Americas to their list of victims. LockBit is now threatening to release “all available data” to the public unless Bridgestone Americas pays a ransom.
Although the ransom amount is unclear, LockBit is known to demand tens of millions of dollars from big companies, as was the case with Accenture.
With its lack of maturity in OT security defenses, the industrial sector has become an attractive target for both financially motivated ransomware attackers and actors linked to state-sponsored groups. Many organizations:
Most of these deficiencies are a result of OT networks having relied on air gaps in the past, with no need for dedicated security solutions. In a recent study performed by Armis and Computing Research, however, 39% of the respondents said that less than 20% of their OT device estate is still segregated from their main (IT) networks.
These factors lay the groundwork for successful attacks, allowing threat actors to pivot from the IT network into the OT segment, even if breaching the latter is not the main goal.
Paying ransoms to regain access to systems or data is a controversial decision, often made at the board level of organizations. According to an IDC survey from August 2021, “only 13% of companies reported experiencing a ransomware intrusion and not paying a ransom” with an average payout of almost $250,000. Some high-profile examples of companies that made large payouts in recent years include:
The FBI and Department of Homeland Security recommend avoiding paying ransoms and reporting the case to the U.S. government. There’s no guarantee that the intruders will hold up their end of the bargain. In addition, lucrative payouts only encourage more criminals to attempt ransomware crimes.
Learn more about the challenges of securing all devices in OT environments. Read our OT-IT Convergence Playbook.
According to Gartner research, more than 90% of ransomware attacks are preventable. At a high level, you can better protect your organization from cybercrimes by taking the following four steps:
The first step to protecting your organization from manufacturing ransomware attacks is eliminating your blind spots. The challenge is gaining complete visibility of every managed and unmanaged cyber asset to know what devices are on your networks and what vulnerabilities are associated with them.
Knowing how a device in your environment is supposed to behave can help prevent attacks. If a device is behaving abnormally, you can stop the spread of infection. Continuous network and asset monitoring is key. A full risk assessment that identifies all threats, along with a mitigation plan, is also essential.
To increase their cybersecurity posture, organizations should follow frameworks such as the Center for Information Security’s CIS Controls. CIS Control 10, for example, focuses on malware defenses. Other best practices include multi-factor authentication, network segmentation, and Zero Trust policies.
Read our whitepaper to understand how Armis provides coverage for CIS Controls.
It’s crucial to have a strategy to help mitigate, respond to, and recover from cyberattacks. Ransomware is a federal crime, and organizations are encouraged to report incidents to law enforcement, such as the FBI or Secret Service.
Armis can detect cyber threats—including ransomware attacks—in real time. Our platform identifies both initial access to the network and lateral movement. Armis can also detect vulnerable assets, and assets that have been compromised by ransomware, to help you mitigate threats through isolation or the implementation of other controls.
Benefits of the Armis platform include:
The Armis platform does all this without the need for disruptive scans or agents. Book a demo to learn more.