Cancel OK

Cybersecurity: Ransom attacks

The second and third paths of cybercrime attacks noted by Greg Gatzke, president of ZAG Technical Services, Inc., a San Jose, CA-based IT consulting firm and managed services provider, involve ransomware—one by encryption and the other through the release of confidential information.

In the former, criminals invade a company’s network, delete backups, and encrypt all systems, then demand payment for a “restore” key.

Gatzke says these attacks can cost from $100,000 to more than $1 million.

“The risk of this type of attack goes up significantly when the company is in manufacturing and has small windows to produce and ship product,” he says, noting that such companies are usually highly dependent on technology and often cannot produce without computer systems.

In a ransomware attack involving the release of confidential information, criminals inside a firm’s system will search for files that would be damaging if released to the Internet or a competitor.

“These files often contain personal identifiable information or PII, confidential pricing/costing data, or trade secrets,” Gatzke says. “The criminals will threaten to release the information if they aren’t paid.

“It’s up to every organization to ensure PII is protected, the organization’s culture is one that protects this kind of information, and that the technology being used is as secure as possible through ongoing updates and maintenance,” he adds.

Thomas LaMantia, CISSP (certified information systems security professional), based in Glyn Ellen, IL, reiterates the prevalence of ransomware attacks, which have increased by 400 percent in the last year or so.

“They’re attacking those that have poor security—and extorting twice,” LaMantia says. “Once to unlock the data, and a second time to keep them from publishing it to the world.”

He mentions ag producer New Cooperative, Inc., based in Fort Dodge, IA, as an example. The ransomware attack was perpetrated by BlackMatter in September 2021, according to media reports.

BlackMatter demanded $5.9 million for a promise not to publish a terabyte of the farm co-op’s proprietary information. Although New Cooperative focuses on grain, LaMantia says this type of attack illustrates the vulnerability of produce companies and grocery retailers, as it disrupts the supply chain.

While attacks like this often target larger firms, small businesses are at risk, too. “Smaller companies often struggle because they don’t have adequate funding to build up defenses or recoverability,” Gatzke explains.

When it comes to paying cybercriminals, Gatzke insists victims should never pay as there are no guarantees. Systems may not fully recover, or it may take an inordinately long time. Worst of all, hackers now know the company is willing to pay and could strike again.

Insurance companies may engage someone to negotiate with the criminals and let victims know if they believe the hackers are relatively “trustworthy.” However, Gatzke firmly believes perpetrators should not be paid.

This an excerpt from a feature story in the March/April 2022 issue of Produce Blueprints Magazine. Click here to read the whole issue.