Flexible Metal takes steps to defang EKANS ransomware

FIELD INTELLIGENCE: Smart Processes, Solutions & Strategies

FortiGaurd Labs recently reported that malware designed to attack industrial control systems is still a very lucrative attack method for cybercriminals. The EKANS ransomware family does just that, and manufacturers must be prepared for it.

According to FortiGaurd, EKANS (“snake” spelled backwards) deliberately selects its victims. Like most ransomware strains, it encrypts files and demands payment for a decryption key when it lands on a vulnerable machine. But this strain also can turn off host firewalls, which can cause a wide range of issues in an industrial environment. That makes taking a two-pronged approach to ransomware readiness that much more important—meaning IT teams must tightly integrate their business continuity, disaster recovery (BCDR) and cybersecurity protocols to reduce the chance they’ll suffer irreversible losses from such attacks.

Manufacturers first need to see if they’re committing any cyber hygiene sins. This can include:

• Underestimating the human impact on ransomware preparedness: It’s critical to have an employee education initiative in place to make sure they’re updated on threats and trained on how to spot suspicious links and attachments that can give cybercriminals the credentials and access they need to start infiltrating the network.
• Granting admin access to too many users: It’s important to limit the number of people who have these permissions. Should a breach occur, this can go a long way in limiting cybercriminals’ access to business-critical data.
• Falling behind on patching: Data breaches can be successful simply because systems haven’t been patched properly. This process can be automated to save time and ensure no patches are missed.
• Using legacy BCDR technology: Retiring legacy IT systems can also reduce the chance that the business is attacked through a piece of technology that wasn’t designed to stand up against modern cybercrime.

For example, Flexible Metal, a metal bellows maker, once relied on Veritas Backup Exec. But backups were too slow and taxing on the network and were conducted at the file level instead of the byte level.

The firm’s leaders knew they needed to upgrade their backup processes to avoid damaging data loss if they were attacked while an older breed of Veritas’ backups were taking place. So they switched to Arcserve UDP, which let them easily protect 48 terabytes of data and gave their IT team more time to spend on other pressing matters.

Ensuring the business isn’t committing any serious cyber hygiene faux pas is a critical step. But IT must also implement policies and procedures that address all ransomware threats. One good place to start is by assessing and categorizing business- and mission-critical data so the team understands where everything is stored, and which workloads and applications must come back online first to limit extended operational downtime. In doing this, IT teams should also be able to identify if they need more redundancy in their backups.

In addition to dismantling firewalls and other cybersecurity defenses, many ransomware gangs have also started to target backups themselves. IT teams must now start to fortify backup data the same way they protect production data. Applying protection that can detect both known and unknown malware across backups is key.

The most important thing for manufacturers to remember is that they need to constantly revisit their technology, policies, processes, and people to make sure their organization is keeping pace with the innovation of cybercrime.