ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.
A ransomware attack on Belgian airplane manufacturer ASCO this week is the latest in a string of incidents that show the unique danger lurking in this type of malware campaign. The rise of ransomware has cost companies millions to remediate – both in making payments and in system restoration and downtime – and should be prompting organizations of all sizes to take preventative measures.
ASCO, one of the world’s largest airplane suppliers, said this week that it shut down production in its factories in Canada, Germany and the U.S. after a ransomware infection crippled its plant in Zaventem, Belgium. About 1,000 of its 1,400 workers have been given leave for the week as the company works to remediate the issue, according to German media outlets. Whether ASCO has paid the ransom is unclear, but the impact on its operations is clearly severe.
Airplane manufacturer ASCO being hit by ransomware continues [the] trend of cybercriminals focusing their efforts on industry and manufacturing as their targets – recognizing the hugely costly and disruptive effect such a shutdown will have on the business,” said Shlomie Liberow, technical program manager at HackerOne, via email. “Public understanding of ransomware is on the rise, so if ASCO reacts quickly and in a way that keeps relevant stakeholders informed, hopefully it will see no lasting damage to reputation.
A String of High-Profile Incidents
According to Verizon’s 2019 Data Breach Investigations Report (DBIR), ransomware attacks are still going strong, accounting for nearly 24 percent of incidents where malware was used. And according to the FBI’s Internet Crime Report, 1,493 ransomware attacks, resulting in losses of $3.6 million, were reported in 2018. And that represents only those attacks that were reported to directly to the FBI.
Also, while ransomware attacks are on the rise, so too is the scope of the attacks. Chris Dawson, threat intelligence lead at Proofpoint, said that recent incidents point to threat actors attempting to take advantage of deeper pockets and higher stakes to demand much larger ransoms – as opposed to previous campaigns, targeting individuals, that demanded hundreds of dollars to unlock an individual PC.
This is exemplified in a string of high-profile ransomware attacks on large municipalities, manufacturers and other companies over the past year, of which the ASCO incident is a continuation. In 2018, several Atlanta city systems were crippled after a ransomware attack extorted the municipality for $51,000. Although Atlanta officials were vocal about not paying the ransom, the city ended up spending $2.6 million to recover. These expenditures covered incident response and digital forensics, additional staffing and Microsoft Cloud infrastructure expertise.
The city of Baltimore is another recent victim of ransomware, which hit in May and halted some city services like water bills, permits and more. Like Atlanta, Baltimore officials refused to pay the $76,000 ransom – but ended up dishing out $18.2 million in restoration costs and lost revenue.
And in one of the most high-profile cases, Norsk Hydro fell victim in March to a serious ransomware attack that forced it to shut down or isolate several plants and send several more into manual mode. The attack ultimately cost the aluminum giant $40 million.