Ransomware Attacks Continue to Disrupt U.S. Industrial Manufacturers

This week, multinational brewing company Molson Coors reported a cybersecurity incident to the U.S. Securities and Exchange Commission (SEC). Last month, packaging company WestRock, announced it had been the victim of a ransomware attack.

The attacks come after a year of threats and malicious attempts to exploit the effects of the COVID-19 pandemic.

 

Cyberattacks Hit Molson Coors and WestRock

The attacks that disrupted normal operations at Molson Coors were filed to the SEC on March 11 in a Form 8-K. For context, the form serves as a means to reveal major events that shareholders should be aware of.

The document did not mention what type of cybersecurity incident caused a ‘systems outage,’ but said the malicious action affected brewery operations, production, and shipments. It also revealed an ongoing investigation on the issue and that the company was currently working on getting systems back online.

Molson Coors has seven breweries and packaging plants in the United States, ten in Europe, and three in Canada. The company owns several brands, including Coors, Blue Moon, and Miller Lite. The attack on WestRock, on the other hand, was directly classified by the company as a ransomware attempt.

Discovered on January 23, the attacks would have reportedly affected the company’s operational technology (O.T.) systems, disrupting various factory operations, including mill system production and packaging. The company, whose clients include international electronics manufacturers like General Motors, Heinz, and Home Depot, released an update about the incident on February 5.

In the update, WestRock confirmed they started an investigation about the ransomware attack and were in the process of recovering from its disruptive effects.

 

Ransomware in Industrial Scenarios

With the term ransomware, internet security experts commonly refer to a program that infiltrates a system to block or disrupt its regular functions. The software then prompts the victim to pay a sum of money or other forms of “ransom” in exchange for the deactivation of the malicious code.

When it comes to industrial systems, ransomware can be particularly disruptive, impacting production and critical infrastructure organizations. Last year, for example, a ransomware infection was responsible for the shutdown of a U.S. natural gas pipeline for two days.

 

An actuated control valve and valve positioner control.

 

Ransomware attacks impacting industrial production have multiplied over the past few years, with names like WannaCry, Ryuk, and MegaCortex being responsible for attacks in over 150 countries and overall losses in the billions of dollars.

This is partially due to industrial control systems (ICS) that are not sufficiently secured, with a report from Claroty last year estimating that 70% of ICS vulnerabilities disclosed in the first half of 2020 could be exploited remotely.

 

How to Prevent These Issues

To tackle these issues and improve the security practices of industrial companies, the Cybersecurity and Infrastructure Security Agency (CISA) released a Ransomware Guide last September.

 

The cover of the Ransomware Guide. Image used courtesy of CISA

 

Developed together with the Multi-State Information Sharing and Analysis Center (MS-ISAC), the guide offers different resources to inform best practices and suggestions to prevent, protect, and respond to ransomware attacks.

What are your thoughts about ransomware in industrial manufacturing?