Ransomware: the risks and ramifications for rural industries


WannaCry. NotPetya. REvil. The names may not be on your radar but if you’re a business owner or a decision maker within one, please read on as they could very well enter your life and cause serious implications.


Today we’re looking at the rise of ransomware and how this type of ferocious cyber-attack is causing devastating losses to all types of businesses and their supply chains. The National Cyber Security Centre warned last month that ransomware is the greatest threat to UK businesses.

The agri-farming sector is rather susceptible to attack due to the misconception that criminals are not interested in a local, micro enterprise - they most certainly are, with 39% of cyber-attacks being committed against small businesses.


Action Fraud’s National Fraud Intelligence Bureau (NFIB) states that more than 4,000 businesses throughout Avon, Somerset, Devon, Cornwall, Dorset, Wiltshire and Gloucestershire reported a computer virus breach in 2020 but with many incidents going unreported, this is just the beginning of what we know.





What is ransomware?

Ransomware is a type of malware or malicious software (WannaCry is an example) that stops you from accessing your systems or the data held on them. The data is usually encrypted, but can also be deleted or stolen, and your computer itself may become inaccessible.


The individuals or criminal gangs – such as NotPetya and REvil - responsible for the attack will send a ransom message demanding payment to recover the data. This is what happened to meat processor JBS last month and cost the business close to £8m.


A recent new trend has seen criminals threatening to release sensitive company data they’ve stolen for failure to comply with payment. Some even take this further by naming and shaming those who don’t adhere to the demands on the darknet.


How do ransomware attacks happen?

Cyber criminals are looking for quick-wins and will exploit the following:

  • Having weak passwords for your email accounts and in-house systems – this is the equivalent of leaving the gate of the field ajar. The fox (online intruder) will sneak in quietly and go for your animals (data)

  • Not enabling the use of two factor authentication (2FA) – this is a way of double checking that you are the intended user of an online service such as banking or email. A verification code is sent (sometimes through an authenticator app) to a second factor that only you can access before you can get into your service account.

  • Unpatched software – keeping devices up to date is essential as this indicates that software developers have found a hole in the system and are providing a solution but it’s imperative to install the updates in order to stay protected and save your bacon.

Imagine leaked information about underperforming land being made public or your automated vehicles become immobilised right before harvest. The SWCRC hopes that you never have to experience this, so we’ve put together this video with a roundup of easy steps for keeping your data protected.






The damage an attack can cause

The impact of a successful ransomware attack can have devastating consequences. The financial impact is usually a severe, immediate blow but the recovery time to get crucial systems and services back up and running again is also significant. When one business is breached, its supply chain can also be compromised as a direct result, potentially leaving your hard-earned reputation in tatters in a matter of moments. Depending on the scale of the attack, it can also garner widespread interest from the public and media interest.


Would you know how to report an incident? Do you have a plan in place to inform your supply chain should the worst happen? How would you manage the delivery of animal feed that is about to arrive and the system is down? That big contract to supply a new client? It could be hanging in the balance now.


The pressure points increase rapidly with a breach and this is not to scare you but rather to encourage getting all your ducks in a row when it comes to safeguarding your business with cyber basic best practice.


Taking the bull by the horns

The SWCRC is fully committed to keeping the business community safe and the local economy where it rightfully belongs. We offer a range of services for businesses to help identify any digital vulnerabilities and weaknesses including through core membership, which is completely free of charge. Join today to receive practical guidance, regular updates on cyber news and latest threats, so you can further your cyber awareness and resilience.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South West is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South West provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South West does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South West is not responsible for the content of external internet sites that link to this site or which are linked from it.