The recent ransomware attack against the Duvel Moortgat Brewery demonstrated the very real risk that cybersecurity incidents pose to the alcohol industry, reportedly halting operations for several days at four of Duvel Moortgat’s facilities in Europe and the United States. This attack comes after other major alcohol producers experienced disruptive ransomware attacks in the last several years. Incidents like these can be devastating for a company’s business and reputation, and hackers’ strategies are constantly evolving to maximize their damage. But companies can be prepared with an information security program designed to prevent successful attacks and quickly respond if one occurs. Experienced partners such as McDermott are critical resources throughout this process, enabling companies to better update and fortify their security programs.

THE GROWING THREAT OF ATTACK

Hackers have extorted companies through ransomware attacks for decades, but hacker strategies have evolved to increase the risks to companies, often resulting in a larger ransom for the hacker. A “ransomware” attack traditionally refers to a strategy in which a hacker gains access to a victim’s computer system, encrypts the information on those systems and demands a ransom payment to unlock that information. Victims may try to avoid paying the ransom by restoring most of their systems from backups, but hackers have recently introduced additional strategies that can complicate that recovery. Today, hackers often try to steal the victim’s information before encrypting it on the victim’s system, so that they can sell or publish the information if the victim refuses to pay the ransom. Hackers also may try to “corrupt” backups so that the victim cannot effectively restore its system without the hacker’s assistance. One ransomware group, AlphV, says that it also reports its publicly traded victims to the US Securities and Exchange Commission if they don’t pay the ransom.

Determining whether to pay a ransom is a complicated decision, with either choice presenting notable risks. The ransom will likely be expensive and must be paid without any guarantee that the hacker will make good on its promises. The decryption software or key may not work, or the hacker may not delete information. One hacking group, LockBit, is believed to save victims’ information after their ransoms are paid despite promising to delete it. The hacker may be willing to negotiate a lower payment amount, but doing so takes valuable time while the victim’s systems likely remain nonfunctional. The hacker may be under sanctions, in which case paying the ransom would be illegal and could result in a fine for the victim. Paying the ransom rewards the hacker, which may increase the risk that the hacker targets the victim again. There is rarely a clear path back to safety after a successful breach, so it is important that the victim make an efficient, informed decision.

OPPORTUNITIES FOR PREPARATION AND PREVENTION

Companies can minimize these risks by maintaining a security program designed to prevent incidents from occurring and to effectively respond if they do occur. The security program should utilize administrative, technical and physical security policies [...]

Continue Reading