Find out why academic institutions, automobile dealerships, and the utility sector are all high-profile targets of ransomware attacks.
Though all types of businesses can be affected by ransomware attacks, some industry verticals have been impacted more than others. Understanding the link between certain industries and these types of attacks can help businesses better prepare for and prevent future attacks. Malicious actors target academic institutions, automobile dealerships, and the utility sector due to the complexities of their framework and the resources they can provide.
Academic institutions are diverse ecosystems with varying levels of required network access (i.e. student, TA, faculty, administrator, etc.). Managing permission to systems and networks is challenging because these individuals need access to different portals and permissions. One famous example of a successful ransomware attack on an academic institution is the University College London. Hackers used the WannaCry software to infiltrate the university’s network through a phishing email. They evaded the University’s existing security controls and gained access to shared data and student management systems. Academic institutions are uniquely susceptible to ransomware attacks due to the constant interchange of users (students and TAs) every year making it difficult for administrators to properly set access management controls, resulting in lax security systems and unintentionally shared data.
Another example is Kellogg Community College (KCC) in Battle Creek, MI. KCC was hit by BlackCat and forced to cancel classes during exam week, causing major distress among students. Again, hackers used lax access management controls to move laterally through the network and do the most harm. These attacks highlight the importance of access management protection not only for academic institutions, but for other companies as well – especially those with varying permissions for outside vendors, employees and managers.
Automobile dealerships are attractive ransomware targets because they hold a large amount of confidential customer data. Malicious actors can often use small dealership credentials as a way to access the networks of other periphery brands (vendors, franchises, etc.) and exfiltrate customer data on a wider basis.
Emil Frey, one of Europe’s largest automotive dealerships, was hit by Hive ransomware group in January of 2022. The group was able to access a network of dealerships and their confidential information. The automotive industry is not the only one that has vendors and franchises, those who are not just the central company are also vulnerable targets to attacks. Attacks on automotive groups and their networks serve as an important reminder that attacks can both come from and cause damage to external vendors and networks that are connected to your business. It’s important to have security you trust so that the data of your customers and the customers of your vendors is protected.
The critical nature of the Utility Sector makes it a prime source for ransomware attacks. Delta-Montrose Electric Association (DMEA), a electric cooperative in Colorado experienced a breach that resulted in the loss of 90% of its internal networks and 25 years of data to be lost. The hackers targeted a specific part of the company’s internal network and corrupted documents, spreadsheets, forms, etc. It took months to get all the systems back online. The utility sector is heavily impacted by ransomware attacks because these businesses are essential for the welfare of the constituents they serve, therefore any interruption in service is damaging and can result in a higher payout for ransomware operators. However, the increasing scrutiny that attacks on these industries draws (especially in the wake of the attack on the Colonial Pipeline), could be a good sign for companies to bulk up security efforts, not only in the utilities industry but in all essential service providers.
No matter the industry, TorchLight can help protect against ransomware attacks with preventative measures, responsive tools and ransomware defense architecture. TorchLight works to understand your business and develop a security strategy tailored to your business’ unique needs. TorchLight knows how to properly secure your networks, protecting permissions of networks with a zero-trust strategy. As a Complete Security Solution Provider (CSSP), TorchLight can effectively educate your employees with the right cybersecurity awareness and training programs.
Contact TorchLight to prepare for, prevent, and mitigate ransomware attacks.