Estimated reading time: 3 minutes

All About Flex: Are Manufacturing Companies Susceptible to Ransomware?

Every business (and every individual) needs to pay attention to cyber security. There are many sophisticated hackers throughout the world looking for ways to access or corrupt systems. While manufacturing companies have not been a common target, there are certainly risks that need to be considered.

One reason most U.S. manufacturing companies have not been victimized by hackers is the perceived value for a hacker is minimal. Typical information that hackers value includes: Social Security numbers, credit card data and health records. Most manufacturing companies don’t keep all this information as part of their business, however most employee records certainly would have personal information that might be valuable such as social security numbers.

Health care companies and education institutions in the U.S. have been hit by viruses known as “ransomware.” A virus is injected into an organization’s server, shutting down the network. The hacker demands a ransom in exchange for the algorithm code that will unlock the virus. Several health care companies have been hit. A few notable examples include:

• In February 2016, Hollywood Presbyterian Medical Center reported that its computer system in the Los Angeles area hospitals was made inoperable by a computer virus. The hospital had to rely on phone calls and faxes to relay patient information while going back to a manual documentation system. The attackers had reportedly asked for $3.6 million to decrypt the system. Ultimately, the hospital paid the attackers $17,000 to unlock their network.
• The University of Calgary had its computer systems affected for 10 days by malware and eventually paid the attackers $16,000 to decrypt the virus^[1].
• Henderson, Kentucky-based Methodist Hospital declared a state of emergency due to its internal network becoming infected with a computer virus that prevented access to its database. The type of virus encrypts data files and then destroys the original. The hospital reported that the attackers were asking for $1600 to give them the decryption key^[2].

Manufacturing companies are also at risk for ransomware. The risk varies by degree that the manufacturer relies on its computer network for day-to-day operations. For some manufacturing companies, disabling or shutting down their network is a minor inconvenience, whereas in other cases a disruption to the server could shut down operations.

The most common way that hackers get access to a company’s network is via emails, where an email with a virus attachment is sent to some department at the company. The accounts payable department and the sales departments are common targets. Someone may send an “overdue invoice” notice to the accounts payable department with the statement attached to the email. The statement itself could be embedded with a virus or the past due notice has a link to a website that tries to download a virus to the user’s computer. The same type of scam can be used to target the sales department, where a fake order is sent requesting acknowledgment.

What can be done to prevent ransomware attacks?

The FBI.gov website^[3] has several recommendations. Here are a few:

• All employees should receive training on virus infection and be made aware of the dangers of ransomware.
• Employ highly qualified IT professionals who can make sure the proper firewalls and software scanning systems are in place to prevent intrusion.
• Use quality software systems that are maintained so the latest security systems can be installed. Some smaller companies use patchwork or “homemade” systems with virtually no defenses against hacker intrusion.
• Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
• Privileged and administration accounts should be highly restricted.
• Accessibility to the information system must have appropriate controls. If a user only needs to read information, then write access should be denied.
• Ensure data is backed up regularly and ideally stored on a different server
• Develop contingency plans for server attacks. Many times, contingency plans can be simple, but waiting until a server is corrupted is obviously too late for mitigation planning.

This is certainly a risk demanding preparation and action. There are avenues for help. If you think you or your organization have been the victim of ransomware, contact your local FBI field office and report the incident to the Bureau’s Internet Crime Complaint Center.

References

1. University of Calgary Ransomware Attack
2. Hospital Declares Internet state of Emergency After Ransomware Infection
3. FBI.gov website with recommendations 

Dave Becker is vice president of sales and marketing at All Flex Flexible Circuits LLC.