Ransomware is a type of malware that infects your system, files or data, then encrypts it, blocking your access to it until you pay a sum of money.
Though such a nightmarish situation may sound exceedingly rare or like a threat only large companies need to be concerned with, ransomware is all too common and impacts businesses of all sizes, including trucking and logistics companies. In fact, transportation businesses are prominent targets of ransomware attacks, along with health care organizations and industrial companies.
“Hackers have stepped up their focus on the trucking and logistics industries over the last three years probably because they know for the most part many of these mid-enterprise and smaller businesses, and the mom-and-pop shops, are still well connected to large supply chains and are relatively less defended,” said Drew Williams, Guidacent chief information security officer (CISO) and ThreatRecon program director.
Williams joined the National Motor Freight Traffic Association’s (NMFTA) Antwan Banks, director of enterprise security, during NMFTA’s September cybersecurity webinar to discuss ransomware.
NMFTA has a long history as a trucking membership organization focused on helping to elevate trucking businesses through standards and classifications. Now it is pushing forward awareness and education of cybersecurity so companies in the transportation industry can protect themselves in the digital age, including through research, resources and its annual trucking cybersecurity conference.
During NMFTA’s cybersecurity webinar, Williams provided insights into ransomware attacks — and what you can do to protect your business.
The devastating impacts of ransomware
To infect your system, a hacker just needs an entry point. This could mean someone from your company clicked on a link on an ad or in an email, or visited a website embedded with malware. Once the malware gets into your system, the hackers can remain there undetected for a long period of time until they encrypt your data and demand ransom.
Because hackers can use your business as leverage against you, they are able to demand large sums from their victims. Threatening to sell or leak your data is common. Because of this, and the low prosecution rate due to the crime’s hard-to-trace nature, the average ransom is steep and continues to grow each year. Though reported ransom payment averages vary wildly, one report from this year revealed an average of nearly $1.5 million (and a median of $400,000).
Organizations don’t always get their data back once ransoms are paid. Also considering losses from investment capital on top of the ransom itself, your business might spend months or years recovering from attacks. Even if you don’t pay the ransom, other costs associated with data recovery can be significant.
The FBI’s Internet Crime Complaint Center (IC3) received 2,385 ransomware complaints last year, with a total of $34.3 million in losses. However, this appears to be just an extremely small fraction of the number of ransomware attacks that actually occur each year. According to one estimate, there were a staggering 453 million ransomware attack attempts worldwide in 2022.
“These attacks are often never reported because companies decide to pay or they’re embarrassed and their clients will sue them,” Williams explained.
To pay or not to pay?
Following a ransomware attack, IT leaders are met with the choice to pay the ransom or restore the system from a backup. Their only other option is to “burn it to the ground,” Williams said.
Although there is no law against paying a ransom to get your data back, the FBI strongly discourages it. Victims are urged to report it to the FBI’s IC3.
“Paying ransom encourages the bad guy to target more victims and offers an incentive for others to get involved in this type of activity,” Williams explained.
According to the industry report mentioned earlier, 46% of victims paid the ransom to get their data back. But while handing over the money may be tempting, there is no guarantee you will get all or even some of your data back. In fact, hackers may retain access to your data, opening up the possibility of repeated exploitation in the future.
Protecting your business from ransomware
Even the most prepared company can be affected by ransomware. To mitigate the risk, though, an organization should do all it can to protect its physical assets, technical assets and administrative processes, Williams said.
“Preparing your company, regardless of its size or area of focus, should go beyond the front doors and windows and shouldn’t just include the IT team,” Williams added.
He provided a few key steps that an organization can take immediately to reduce the threat of ransomware:
Ensure you have leadership support now.
Raise cybersecurity awareness companywide.
Establish a workable continuity plan.
Test and validate your emergency readiness.
Put the security defense process first and tech next.
Never trust, always verify.
Stay on top of passwords/patches/authentication.
When in doubt, verify before opening.
Having a plan in place if a ransomware attack does happen, however, is paramount. Williams said “preparation and planning promotes prevention.” He suggests focusing on these big four methods:
Schedule a tabletop exercise to test and validate your processes. “Using real-life scenarios, your team will know how to react and what steps to take.”
Establish your incident response plan to avoid a “too late” situation. “A well-structured plan enables organizations to act quickly and efficiently by following a pre-defined set of procedures, and minimize downtime and potential financial and reputational damage.”
Prepare your disaster recovery plans to minimize the impact of an emergency. “If a situation is going to stop your day-to-day operations, this is something that involves an analysis of your business processes and your business continuity needs. Before generating a detailed plan, an organization needs to perform a business impact analysis, a risk analysis and evaluate what its recovery objectives are.”
Create mandatory data backup plans to minimize operational downtime. “[Protect] critical information by ensuring you’ve got immutable systems, which means they cannot be accessed. It will minimize operational downtime. It’s not a guarantee, but if they’re immutable, it means they’re not accessible by other third-party means. Again, it will reduce recovery [time].”
The full “Ransomware and the Toll it Takes on Trucking” webinar is available to everyone.
The NMFTA’s upcoming annual Digital Solutions Conference will discuss cybersecurity topics impacting the transportation industry. Taking place Oct. 22-25 in Houston, the conference will bring together cybersecurity, trucking and supply chain professionals — including chief information officers, chief technology officers and chief executive officers.