The last three weeks have been high profile for ransomware attacks in the US. The outdoor navigation company Garmin was hit in late July with a huge ransomware attack and paid multiple millions of dollars to a hacker group in Russia known as Evil Corp. While most of us know Garmin for fitness apps, the real impact here was that pilots were unable to update or download new maps from Garmin’s flight navigation server which is a MAJOR safety issue! Just last week, the Maze hacker group locked the camera manufacturer and multimedia company Canon offline. According to Maze, stole 4 TB of sensitive data. To date Maze has only proven marketing content. With as fast as Canon came back online, most practitioners surmise that they paid the ransom. This week the Sodinokibi group who run the REvil malware set announced that they stole over a terabyte of data (including substantial intellectual property and client data) from Brown-Forman, the US liquor conglomerate that owns brands like Jack Daniels, Finlandia, and Sonoma-Cutter wines among others. Brown-Forman confirmed that the data had been ex-filtrated but are not currently pursuing paying the ransom. It appears that neither Evil Corp nor Maze are specifically targeting intellectual property but are using intellectual property and or blocked access to leverage high ransoms.
It doesn’t matter your industry: every revenue stream is a target.
Recommendations: First, do a business impact analysis and tie real, hard, legitimate numbers to the impact of ransomware. Make sure to include both top line impacts such as lost revenue, lost time, lost reputation and bottom line impacts such as costs to contain, remediate, re-architect, and recover. Once you know what the dollar amount of the risk is, it’s significantly easier to advocate for mitigation resources.