Everyone dealing with cybersecurity, even if remotely, has heard about ransomware. It has reached epidemic proportions and is the fastest-growing cybercrime. It’s a big crime business, and every industry is vulnerable.
According to Cybersecurity Ventures, ransomware damage costs are predicted to exceed $265 billion by 2031. In 2021, a new organisation fell victim to ransomware every 11 seconds.
In other words, by the time you’ve finished reading this article, approximately 22 companies will have been attacked by ransomware. You do not want to be one of them.
Read on to learn why taking the necessary steps to protect your ships from ransomware is business-critical.
What is ransomware?
Very simply put, ransomware encrypts data on a computer system or computer files until a ransom has been paid. Unless the ransom is paid, there are usually no other means of recovering the hijacked data. And it might come with additional malware, left active even if a ransom is paid.
Software to unleash a ransomware attack can be easily bought and customised, which is attractive to both sophisticated cybercriminals and novice ones.
Ransomware in shipping
The infamous NotPetya ransomware, which took down Maersk’s systems for ten days, was an industry wake-up call and demonstrated that cyberattacks could cripple a company’s operations.
Ships, too, are impacted by ransomware – sometimes directly, sometimes via backend systems and servers used by ships while at sea. BIMCO’s 2018 report Guidelines on Cyber Security Onboard Ships details several cases of ransomware infections occurring in the maritime industry.
In one case, a shipowner reported two ransomware incidents, both caused by third-party access:
A shipowner reported that the company’s business networks were infected with ransomware, apparently from an email attachment. The source of the ransomware was from two unwitting ship agents, in separate ports, and on separate occasions. Ships were also affected but the damage was limited to the business networks, while navigation and ship operations were unaffected. In one case, the owner paid the ransom.
In another, the cause of the infection wasn’t interaction with shipping ports, but the company’s inadequate password policy:
A ransomware infection on the main application server of the ship caused complete disruption of the IT infrastructure. The ransomware encrypted every critical file on the server and as a result, sensitive data were lost, and applications needed for ship’s administrative operations were unusable. The incident was reoccurring even after complete restoration of the application server. The root cause of the infection was poor password policy that allowed attackers to brute force remote management services successfully. The company’s IT department deactivated the undocumented user and enforced a strong password policy on the ship’s systems to remediate the incident.
How do you prevent ransomware?
Ransomware spreads like most other malware, and the usual countermeasures apply. But one method is particularly effective: blocking the ransomware’s ability to contact its C&C server (command and control server, which instructs the malware on what to do). This is done by using DNS filtering services.
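The DNS filtering described above, sketched as an added example (not code from the original article): a resolver-side check that refuses names on a C&C blocklist and reports which onboard hosts asked for them. The blocklist, domain names, IP addresses and log format are constructed for illustration.

```python
# Added example: constructed blocklist and query log; all names are hypothetical.
from collections import defaultdict

# Constructed blocklist of known C&C domains (reserved .example/.invalid names).
BLOCKLIST = {"c2-panel.example", "updates.badcdn.invalid"}


def normalise(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """True if qname is a listed domain or a subdomain of one.

    Matching walks label boundaries, so 'notc2-panel.example' does not
    match 'c2-panel.example' the way a plain endswith() would.
    """
    labels = normalise(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve(qname: str, upstream) -> str:
    """Filtering resolver decision: NXDOMAIN for blocked names, else upstream answer."""
    if is_blocked(qname):
        return "NXDOMAIN"
    return upstream(qname)


def hosts_hitting_blocklist(log_lines):
    """Map client IP -> sorted blocked names it asked for (hosts to isolate and inspect)."""
    hits = defaultdict(set)
    for line in log_lines:
        _ts, client, qname = line.split()
        if is_blocked(qname):
            hits[client].add(normalise(qname))
    return {client: sorted(names) for client, names in hits.items()}


# Constructed query log: timestamp, client IP, queried name.
SAMPLE_LOG = [
    "2021-06-01T08:00:01Z 10.20.0.15 weather.example.",
    "2021-06-01T08:00:07Z 10.20.0.31 Beacon.C2-Panel.example.",
    "2021-06-01T08:00:09Z 10.20.0.15 notc2-panel.example",
    "2021-06-01T08:01:12Z 10.20.0.31 updates.badcdn.invalid",
]

if __name__ == "__main__":
    print(hosts_hitting_blocklist(SAMPLE_LOG))
```

A blocked lookup is also a detection signal: the client that issued it is a candidate for isolation and inspection before encryption starts.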
How do you recover from ransomware damage?
No cybersecurity tools and strategies provide 100% protection. In case of a ransomware incident, one recovery option is paying the ransom, but we don’t want to do that. Paying ransom is no guarantee of having the data back and only fuels the malware industry.
The most important thing you can do is make sure you are able to restore your systems and data from a secure, updated, offline backup. Technical countermeasures and awareness training are essential, but having good infrastructure with proper disaster recovery plans goes a long way toward protecting your data.
- Back up your data regularly and consistently
- Establish retention periods and restore scenarios to prioritise which critical systems need quick restore capabilities to reduce the impact
OT systems, which are vital to safe navigation and operation, should have backup systems to enable your ship to quickly and safely regain navigational and operational capabilities after a cyber incident.
The cost of ransomware attacks
Having a vessel (or several) out of operation is costly for you as a shipping company. The downtime, while systems are being restored following an attack, represents lost revenue and increases personnel costs. Security and IT personnel get diverted from their regular duties, resulting in lost productivity and a backlog of work.
Furthermore, a ransomware attack can tarnish your company’s reputation, potentially turning off charterers and cargo owners.
Looking beyond figures and brand reputation, a ransomware attack may also put cargo, crew and even the ship itself in harm’s way – ultimately posing a risk to your very business.
Hence, protecting your ships from ransomware is not only important but vital.
Editor’s note: This article was originally published in July 2019 and has been revised and updated for accuracy and comprehensiveness.