How Fleets Can Double Down on Ransomware Protection
[Stay on top of transportation news: Get TTNews in your inbox.]
With the threat of ransomware reaching new heights in 2021, many trucking and logistics companies are doubling down on their defenses against the scourge to make sure they’ve done everything they can to avoid becoming its next victim.
“Ransomware is at the top of the IT team’s challenges — between trying to use technology to protect against attacks and the never-ending task of educating end users what to watch for,” said Dan Brewer, vice president of information technology at Wilson Logistics.
Indeed, successful ransomware attacks on key infrastructure and supply lines in the United States have proven so visceral this year that they’ve triggered an executive order from President Joe Biden nudging all U.S. businesses to get serious about ransomware protection.
Dysart
One trucking company that has experienced the impact of ransomware firsthand is Titan Transfer, which has been hacked twice during the past year, resulting in “total disruption” of Titan’s day-to-day operations, according to Tommy Hodges, the company’s chairman.
“I think the web has created an environment where the criminal mind can run free, and anyone or any business — and that’s basically all of us — is vulnerable to attacks and subject to data loss or ransomware,” he said.
Titan was luckier than most. It was able to rebuild its files in four days, Hodges said. But those four days without computers were a nightmare.
“That’s four days of running trucks in the dark like we did back in the ’70s and into the ’80s,” he said. “You can’t identify them, you can’t find them, and you and the FBI can’t catch them. So you have to admit that it is out there and spend the necessary resources to protect your own operation as best you can.”
During 2021 alone, businesses across the U.S. have been reeling from successful ransomware attacks, including attacks against IT management software developer SolarWinds and the disruption of service on the Colonial Pipeline, the largest conduit of refined oil products in the United States.
Granted, authorities have occasionally gotten lucky against ransomware hackers this year. Excellent cyberforensic work by the U.S. Department of Justice, for example, clawed back $2.3 million in bitcoin that Colonial Pipeline paid to ransomware hackers to help get its computer network up and running again.
Nonetheless, hackers more often than not get away with their exploits as they attempt to extort tens of thousands of businesses across the globe each year.
Overall, 37% of organizations across the globe have experienced some sort of ransomware attack between May 2020 and April 2021, according to a study by cybersecurity firm Sophos. Based on that survey of 5,400 IT managers at midsize organizations across 30 countries, the study also found that the average ransom paid to recover data from these attacks was $170,404.
Q3 iTECH Stories
►Rise of the Smart Trailer
►Vendors Prep for E-Logs in Canada
►Fleets Find Ways to Harness Trailer Tracking Data
►Dysart: How Fleets Can Double Down on Ransomware Protection
►Clevenger: iTECH Has a New Look With a Familiar Feel
Criminals behind successful ransomware attacks often break promises to restore files once ransoms were paid, the Sophos study found. On average, victimized organizations in the study that paid ransoms only got back 65% of their data, and only 8% of organizations forking over money to the extorters were able to retrieve all of their files, according to the study.
Many fleets have gotten the message that to guard against ransomware, they should at least be keeping multiple backups of their data, including at least one full backup of data that remains disconnected from the internet at all times. That tactic could frustrate hackers’ attempts to infect your system’s backup data at the same time they are penetrating your computer network.
“Immutable and/or offline backups are becoming critical,” said Tom Baughman, executive vice president of technology at Kenan Advantage Group. “Attackers know that backups are a company’s primary recovery tool in the event of widespread file encryption or corruption and are working very hard to avoid detection and infect all the backups within a company’s normal recovery window or rotation.”
Ray LaPrade, vice president of informational technology at CalArk International, agreed.
“The best approach for a successful disaster recovery plan is to have multiple backups in multiple locations — don’t rely on a single backup set in a single location,” he said.
Wilson Logistics’ Brewer added: “It’s also necessary to keep several generations of backups in the event there is time-delay malware [embedded] in the backups.”
Of course, ensuring your data has multiple backups is only one component of a comprehensive plan to thwart hackers.
“While it is important to have backups, there’s no single magic bullet to combat ransomware, so a combination of protections is required,” said Jane Jazrawy, CEO of CarriersEdge.
“This approach is referred to as a ‘Swiss cheese model’ — the analogy being that you have to apply layers of protection on top of each other to cover the holes in the layers underneath,” she said. “Only when all holes are covered do you have sufficient protection.”
Even companies taking significant cybersecurity measures can still be vulnerable, though.
“Prior to last year, I really thought that it would never happen to us,” Titan’s Hodges said. “I figured there were a lot of other fish in the pond.”
Prior to the first time Titan Transfer was hit with a ransomware attack, the company was using one of the nation’s premier data backup services, he said.
“The hackers managed to infiltrate their security through one of only four email addresses that had access to the backup platform,” Hodges said. “After our second attack, we built out a secondary server system so that we are continuously backed up and the most data we could lose would be a few hours. We developed a system to back this data up without being connected to our host server.”
Fortunately, cybersecurity experts have been busy strengthening software that is specifically designed to thwart ransomware attacks.
Here’s a representative sampling of that software, all highly rated and all available at entry-level prices.
- Bitdefender Antivirus Plus: A player in the anti-ransomware space for a number of years now, Bitdefender Plus offers many layers of anti-ransomware protection along with many other security features. The software is designed to eliminate known ransomware on the spot. It will also watch for unexpected behaviors on your network that indicate ransomware activity, such as a sudden, wholesale change in the names of files. Bitdefender backs up all your files at the first whiff of what it determines may be a ransomware attack beginning to deploy, and then restores the files after the attack has been fully neutralized.
- ZoneAlarm by Checkpoint: This is another highly rated anti-ransomware package that erases all vestiges of ransomware on your computer system once detected. It also embeds “bait” files on your computer or network that are designed to lure ransomware into encrypting those files first — setting off alarms and enabling ZoneAlarm to neutralize the attack before it spreads to actual company files.
- Kaspersky Security Cloud: Kaspersky is designed to protect against two types of ransomware: one, which encrypts your files, making them unusable to you; and two, ransomware that encrypts your entire hard disk, making the entire computing device unusable. Kaspersky can also neutralize ransomware that locks up your computer screen and it offers monitoring and auto-neutralization of typical ransomware behaviors, such as the wholesale renaming of files and/or file extensions.
- Sophos Home Premium: This program is a light version of a more robust anti-ransomware package that Sophos offers to enterprise-level businesses. Sophos is designed to plug known security holes in commonly used software. It could do the trick for a small trucking business that decides enterprise-level protection is not necessary, especially since this light version enables you to remotely safeguard software on up to 10 remote computers.
- NeuShield Data Sentinel: NeuShield is the only candidate in this pack that does not offer ransomware protection. Instead, NeuShield is an “after-the-fact” ransomware product, which offers one-click restoration of files encrypted by ransomware — if possible. Users install NeuShield on their computers before an attack occurs. That enables NeuShield to ‘virtualize’ any changes to the files on your system. Theoretically, virtualized files cannot be corrupted by a ransomware attack, given that they are not fully operational files.
Joe Dysart is an internet speaker and business consultant based in Manhattan. Voice: (631) 438-1142. Email: joe@dysartnewsfeatures.com. Web: dysartnewsfeatures.com.
Want more news? Listen to today's daily briefing below or go here for more info: