A few weeks ago, details of the Colonial Pipeline ransomware attack filled the news cycle, and by now, most people have heard about the latest ransomware attack to hit the news. Brazil’s JBS S.A., the world’s largest meat processing company, was targeted this week by a ransomware attack that, according to reports, appeared to have originated from a criminal group likely operating in Russia, shutting down the company’s operations in Australia, Canada, and the United States, with some fearing that a shortage in meat supplies and a spike in prices may soon follow. JBS processes nearly 25% of the beef and 20% of the pork in the United States and its customers include supermarkets, restaurant chains, and food service distributors. The company reported that it has made significant progress in resolving the attack.
Another story that did not gain as many headlines was Wednesday’s announcement by the Massachusetts Steamship Authority that it was the target of a ransomware attack which affected its scheduling systems. The company’s website, which allows passengers to book reservations, appeared to be offline for a time on Wednesday. There was no impact on safety of vessel operations. The Authority operates ferry service between Woods Hole, Martha’s Vineyard and Nantucket Island, summer destinations that draw thousands of visitors each year.
Ransomware attacks are continuing, and with no signs of letting up, business in all industries should take precautions to protect themselves from falling victim to these attacks which can lead to business disruptions, loss of income, and even reputational damage. According to a recent report by Sophos, the average ransomware recovery costs for businesses have more than doubled in the past year, from $761,106 in 2020 to $1.85 million in 2021. Costs include the ransom payment, business downtime, employee time, device costs, network costs, lost business, and other associated costs.
Business seeking to reduce their risk of falling victim to a ransomware attack should consider a multi-layered approach, including: maintaining up-to-date cybersecurity incident response and disaster recovery/business continuity plans; conducting regular employee training to recognize phishing emails; managing access to systems across the organization and properly configuring systems and devices; securing remote access to networks; establishing secure offline encrypted backups; encrypting data at rest; use of multi-factor authentication and strong passwords; constant monitoring of systems for network intrusions; maintaining images of critical systems in the event they have to be rebuilt; retaining backup hardware; considering cyber liability insurance protection; and staying current with vulnerability patches for systems and applications.
Implementing these strategies, and others, will increase the ability of businesses to defend against ransomware attacks. Falling victim to a ransomware attack can cause significant damage, particularly to smaller businesses that lack the resources to recover from such an attack. Don’t go it alone. The professionals at Vandeventer Black LLP can help your business prepare for and respond to a ransomware attack. Contact us for more information.