Ransomware: A Tale of Two Different Manufacturers

It wasn’t long after I published my last blog post when I came across news that a major manufacturer announced it was hit by a major cyberattack. According to TechCrunch, Aebi Schmidt was hit by a ransomware attack.

The large-scale European manufacturer of road-cleaning and airport maintenance vehicles had its operations interrupted on Tuesday, April 23. While computer systems went down across its international sites, including at its U.S. operations, Aebi Schmidt’s European operations seem to have been hit the hardest.

The times are changing for manufacturing, but also for cybersecurity. As I said in my last post, manufacturing is the No. 2 targeted industry for cybercriminals, and ransomware is the No. 1 way they’re attacking. In a nutshell, ransomware is a much easier way to earn an illicit buck than learning to hack a system to get money directly.


And this isn’t the only manufacturer making the wrong kind of headlines, according to the TechCrunch article. While it’s still too early to see how Aebi Schmidt handles its attack, we can examine how two other manufacturers dealt with getting hit.

Norsk Hydro: Back up and running after backup plan

On March 19, 2019, one of the largest aluminum manufacturers in the world confirmed its operations were disrupted by a ransomware attack. Norsk Hydro was targeted by the new LockerGoga ransomware, reportedly affecting most of its business areas, especially its key smelting operations.


Since manufacturing is the No. 2 targeted industry for cyberattackers, it’s important to have a plan in place in case of a ransomware attack.

The manufacturer put its emergency plan in place, which included switching to manual operations and restoring from backups. Hydro also posted signs that warned employees to not connect any devices to the company’s network.

“Experts from Microsoft and other IT security partners have flown in to aid Hydro in taking all necessary actions in a systematic way to get business critical systems back in normal operation,” Jo De Vliegher, Hydro’s head of information systems, said in a press release two days after the attack.

A week after the attack, most of its business areas were up and running as normal or with a mix of manual operations keeping it going, according to a March 26 press release. Only its Extruded Solutions and Precision Tubing systems were operating at 70- to 80-percent capacity.

In the week following the attack, Hydro reported approximately $40 million in lost revenue resulting from the cyberattack. Because the company had an action plan in place, it looks like Hydro didn’t suffer as much as other manufacturers have.

While $40 million doesn’t sound like “not suffering,” it’s not as bad as other companies that were hit with similar ransomware attacks, according to ZDNet. Danish shipping giant Maersk was hit for $300 million in damages and the Spanish food company Mondelez was hit for $100 million during the NotPetya ransomware attack in 2017.

On the other hand, would the damages have been much worse if they weren’t prepared? Let’s look at another example brought up by TechCrunch around the same time as the Aebi Schmidt attack.

Arizona Beverages: Ignore the warning signs at your own risk

By all accounts, it looks like Arizona Beverages was not prepared to handle a large-scale attack on its networks, according to a TechCrunch article. The maker of well-known Arizona Iced Tea made several key mistakes before and after its early-April ransomware attack, reports show.

First of all, an anonymous source close to the situation said the FBI warned Arizona Beverages of an apparent Dridex malware infection weeks before it was apparently hit by iEncrypt malware. The Dridex infection apparently allowed easy entry for the iEncrypt ransomware, according to the source.

Also, the Arizona Beverages source said the company had not been proactive in keeping its Windows systems up to date. The source gave the following information to TechCrunch: “Many of the back-end servers were running old and outdated Windows operating systems that are no longer supported. Most hadn’t received security patches in years. The source said they were ‘surprised’ an attack hadn’t come sooner given the age of their systems.”

The day after the attack, it was discovered the backup system wasn’t configured properly and Arizona Beverages had to sign an expensive contract to recover its data, the source said. The source also said the company didn’t bring in an incident response team to handle the outbreak for another five days, and the company spent “hundreds of thousands” on new software, hardware and recovery costs. Aside from attacking the company’s servers, the source said the ransomware hit the company’s Exchange server and all computers that allowed the company to process orders.

As Arizona Beverages is a privately-held company, they do not need to report their financials. The source told TechCrunch Arizona Beverages was losing “millions of dollars a day in sales” when the attack was first happening. We may never know how much this truly cost the New York-based beverage company dollar-wise, but we can definitely see how much ransomware disrupted their business.

Ransomware: An ounce of prevention is worth a pound of cure

Nobody likes their dirty laundry aired in public, but these companies’ horror stories may help other companies avoid a similar event. Without question, the No. 1 thing any manufacturer can do to avoid becoming a victim is to be prepared.

We here at Practical Software Solutions encourage our customers to stay up-to-date with all software, whether it’s their ERP software, operating systems, or servers. As a Sage Authorized Partner, we can only help so much, but having up-to-date software means having up-to-date protections against the latest threats.

This is the same no matter what business system you use. The TechCrunch article said Aebi Schmidt uses SAP, and that’s no knock on that ERP system. If any part of their system wasn’t completely updated, it gives cybercriminals all the room they need to infiltrate a company.

Also, make sure your backups are in order. While Arizona Beverages struggled when it was found their backups hadn’t been working, Hydro was able to recover more quickly because their backups were in place.

Education is also part of prevention. All manufacturing employees with access to company e-mail or a company computer must be educated on the threats of phishing and other forms of social engineering. There were two phishing attempts directed at Practical last week alone. One tried to mimic our owner, Vince Stamey, instructing employees to buy gift cards and the other was directing us to download an attachment.

Your ERP software partner most likely is not a cybersecurity expert. We recommend finding a security expert willing to work alongside your partner to make sure any precautions they take match up with the ones your partner can handle on their end.

And if the worst does happen, make sure you have a plan to help get your company back up and running as quickly as possible. Pointing fingers and making excuses won’t take back the attack. But being prepared can help stem the bleeding and get your company back on the road to recovery.

What steps has your company put in place to prepare for a cyberattack? We all become more prepared when we share. Share in the comments below.
