The recent ransomware attack on the Duvel Moltgat brewery demonstrated the very real risk that cybersecurity incidents pose to the alcohol industry, disrupting operations at four Duvel Moltgat facilities in Europe and the United States for several days. It has reportedly been suspended. This attack comes after other major alcohol manufacturers experienced devastating ransomware attacks in the past few years. Such incidents can have a devastating impact on a company's business and reputation, and hackers' strategies are constantly evolving to maximize damage. However, companies can prepare information security programs designed to prevent successful attacks and respond quickly if they occur. An experienced partner like McDermott is a critical resource throughout this process, allowing businesses to better update and strengthen their security programs.
The growing threat of attacks
Hackers have been extorting businesses through ransomware attacks for decades, but their strategies have evolved to increase the risk to businesses, and hackers' ransoms are often high. It will be. A “ransomware” attack is traditionally a strategy in which a hacker gains access to a victim's computer system, encrypts information on those systems, and demands a ransom payment to unlock that information. refers to. Victims may try to avoid paying the ransom by restoring large portions of their systems from backups, but hackers have recently introduced additional strategies that may complicate that restoration. . Today, hackers often attempt to steal a victim's information before encrypting it on the victim's system so that they can sell or publish the information if the victim refuses to pay the ransom. Hackers may also try to “corrupt” backups so that the victim cannot effectively restore the system without the hacker's assistance. One of his ransomware groups, AlphV, says it will also report to the US Securities and Exchange Commission if publicly traded victims do not pay the ransom.
Deciding whether to pay a ransom is a complex decision, and both choices come with significant risks. The ransom is likely to be high and must be paid without any guarantee that the hackers will keep their promises. The decryption software or key may not work or the hacker may not be able to remove the information. LockBit, one of his hacking groups, is believed to have saved victims' information after the ransom was paid, despite promising to delete it. Hackers may be willing to negotiate a lower payment, but doing so takes valuable time, during which time the victim's system is likely to remain inoperable. Hackers may be subject to sanctions, in which case paying the ransom may be illegal and result in fines for victims. Paying the ransom rewards the hackers and may increase the risk that they will target the victim again. There is rarely a clear path back to safety after a successful breach, so it is important for victims to make informed and efficient decisions.
Opportunities for preparedness and prevention
Companies can minimize these risks by maintaining a security program designed to prevent incidents from occurring and respond effectively when they do occur. A security program utilizes administrative, technical, and physical security policies and procedures to help personnel detect and report actual or pending incidents and to ensure that corporate systems are free of suspicious files or behavior. must be actively monitored to protect corporate facilities from unauthorized intrusion. Security programs should be regularly tested and updated to identify weaknesses, implement appropriate detection and response solutions, and plan to respond to evolving hacker strategies and business demands. Incident response plans should be tested regularly to ensure that they accurately reflect the company's resources and priorities and that responders are prepared to implement the plan as needed. .
Companies should also leverage third-party experts to improve preparedness and response efficiency. These partners don't need to have experience with an incident first and can provide specific knowledge and perspectives that can help your company properly plan for an incident. For example, an experienced law firm like McDermott can advise companies on their legal obligations, help identify and address security program risks, and assist with incident investigation and response, all while protecting company privileges. can. By leveraging this support early, companies can discover and address their weaknesses before they are exploited, gain a deeper understanding of other companies' approaches to these issues, and help partners align on company priorities. You can confirm that you are doing so. When an incident occurs, an effective third-party partner can efficiently advise victims of their obligations, options, and risks. Provide additional resources to busy teams. Helps prioritize response activities based on business needs.
conclusion
Cybersecurity incidents can quickly become costly, complex, and devastating for victims. Hackers are continually refining their methods of obtaining larger ransoms, and once an incident occurs, victims often have no way to confirm whether the problem can be fully repaired. Businesses can limit risk by having systems in place to protect against threats and respond to any incidents that occur. Companies should also regularly consult with outside experts to assess and improve their protection and ensure that their security programs do not become obsolete.
