In 2021, ransomware attacks on big manufacturers were all over the news and regularly made the top headlines. So far, they show no signs of slowing down in the coming years. Attackers are exploiting security flaws all across the world, holding the data of businesses, governments, and healthcare organizations hostage and demanding unreasonably high ransoms. There is a lot that manufacturers can learn from these incidents. Let’s look at the top IT security incidents in 2021 for manufacturers.
CD Projekt Red
The security breach at CD Projekt Red, a video game developer best known for creating popular video games such as Cyberpunk 2077 and The Witcher series, occurred in February 2021. According to a statement released by CD Projekt Red on Twitter, an unidentified actor gained access to the company’s internal network and stole information. The attackers also left a ransom note demanding payment and threatened to release proprietary video game source code and other datasets to the public. CD Projekt Red stated that it had already begun restoring data and had secured its information technology infrastructure. It went on to say that all of its backups were still intact. As a result, CD Projekt Red brought the situation under control without paying the ransom.
From this incident, manufacturers learned the importance of keeping backups of their information to protect against such ransomware attacks.
Acer
Within the span of a week, the computer manufacturer Acer was targeted twice by hackers. The first attack hit its offices in India and the second its offices in Taiwan. The REvil hacker group was responsible for both attacks. This is the same group that was responsible for an attack on the London-based foreign exchange firm Travelex earlier in 2021. The $50 million ransom was the largest known to date, and it made headlines. The attackers took advantage of a vulnerability in a Microsoft Exchange server. As a result, they gained access to Acer’s files and leaked several images of its sensitive financial documents and spreadsheets.
Acer has not confirmed whether it paid the ransom, but it has taken all the required measures to protect its data from being leaked.
20/20 Eye Care Network
In January 2021, data was extracted from 20/20 Eye Care Network’s Amazon Web Services (AWS) environment. In addition, all the data was erased and leaked. Some or all of 20/20’s sensitive patient data, including health plan members’ names, addresses, dates of birth, Social Security numbers, member identification numbers, and health insurance information, was compromised by the hackers. 3.25 million people were affected!
A cybersecurity firm investigated the hack for 20/20 and was unable to determine whether files had been viewed or deleted by the unknown actor. 20/20 believes there was no actual misuse of its health plan members’ personal or vision/hearing insurance information.
When the breach was discovered, 20/20 acted immediately to control the damage. It investigated the matter by assessing the security of its systems, notifying any affected persons, and installing new measures. Individuals whose personal information was possibly affected in the incident will also have free access to credit monitoring services for the next twelve months, according to 20/20. This has helped 20/20 regain the trust of its clients.
JBS
After a major ransomware attack at the end of May, JBS SA, the world’s largest meat processing company, was forced to close its doors. REvil, the same hacking group mentioned above, was behind this attack. The incident occurred only a few weeks after the attack on the Colonial Pipeline, highlighting the vulnerability of critical infrastructure and critical global supply chains.
JBS is headquartered in Brazil and employs approximately a quarter-million people in various locations around the world. JBS USA was forced to shut down its impacted systems even though its backups were still intact. Its beef and pork slaughterhouses were disabled, and it was forced to suspend cattle slaughtering at all of its plants in the US for a day. This disruption threatened food supplies, which led to higher food prices for consumers.
This incident hit the economy hard. The company worked feverishly with law enforcement and an outside incident response firm to get operations back on track. JBS facilities in Australia, the United States, and Canada were badly affected, and the attack triggered a cascade of consequences across the meat industry. This resulted in plant closures, employees being sent home, and livestock being returned to farmers.
JBS USA said in a statement that it was a very tough decision to make, but it paid a whopping $11 million in Bitcoin to the ransomware attackers.
Kenyon Produce (KP) Snacks
Kenyon Produce (KP) Food, a British snacks manufacturer, was hit by ransomware, which disrupted its manufacturing and distribution activities.
The snacks manufacturer is said to have started an investigation into the attack soon after enacting its cybersecurity response plan. Unfortunately, the situation is still not under control.
The company also stated that it has informed its workers, customers, and suppliers about the situation and that it will keep them updated as new information becomes available.
The Conti ransomware is thought to have hit KP Snacks. The company is currently listed on the ransomware’s data leak page on the dark web, along with company records.
Conti’s operators have allegedly stolen a large amount of data from the company, including employees’ personal information, credit card statements, private documents, and other information. They are threatening to publish it online unless the company pays a ransom. The ransom amount has not been made public.
Molson Coors
Molson Coors, one of America’s top brewers (and the maker of Miller and Coors beers), was forced to cease beer manufacturing owing to a major cybersecurity incident in March 2021.
The manufacturer was the victim of a cyber-attack that cost the business approximately 140 million dollars. The company is striving to lessen the impact of these losses and has made some progress in restoring normalcy to its manufacturing and shipping processes. It has stated that it is collaborating closely with authorities and insurance firms to mitigate the effects of the cyber-attack.
The management of Molson Coors hasn’t disclosed the technical details of the attack, but many experts speculate that it might be a ransomware-related crime.
Puma
Following the ransomware attack on Kronos, one of Puma’s North American workforce management service providers, in December 2021, the sportswear manufacturer suffered a data breach.
Kronos found out about the ransomware attack on January 7, 2022, and notified Puma’s management 3 days later.
While the breach report does not specify how many Puma employees’ personal information was compromised during the breach, the evidence submitted to the Maine Attorney General’s Office suggests that the ransomware attackers gained access to data belonging to 6,632 people.
According to Puma, Social Security numbers listed in the filings were also stolen, along with several other documents, during the Kronos ransomware attack.
Experian Identity Works membership, which includes credit monitoring, identity restoration, and identity theft insurance, was offered free for two years to those affected by the data breach.
As of now, Puma has not disclosed whether it has paid any ransom to stop the attackers from misusing the employee data.
It’s high time that manufacturers treat cybersecurity as a serious issue and allocate adequate resources to fight it. There is also a shortage of highly educated cybersecurity experts who are prepared to deal with the scourge of ransomware attacks, and it is important to develop technology that effectively prevents such attacks in the near future. It is only when more organizations begin to take cybersecurity seriously and allocate sufficient time and resources toward threat mitigation that the manufacturing industry will begin to see these threats diminish.