The disaster that followed the Colonial Pipeline ransomware attack brought home to everyone just how vulnerable our national supply chain is, but many don’t realize that these assaults on logistics providers have been going on for years.
On June 2, the Massachusetts Steamship Authority Martha’s Vineyard ferry service fell victim to a ransomware attack. Last year, logistics companies struck by these attacks included Forward Air, the French container shipping company CMA CGM, Pennsylvania-based Greatwide Truckload Management, Canadian motor carrier Boutin Express and Germany’s Seifert Logistics Group, according to a recent article in FreightWaves.
These attacks typically begin when an employee accidentally clicks on a malicious link that then allows the attackers into your system.
The U.S. government’s National Institute of Standards and Technology Computer Security Resource Center offers useful advice about how the management of logistics service providers can act to prevent such attacks from disrupting your business and costing you money.
➔ Use antivirus software at all times – and make sure it’s set up to automatically scan your emails and removable media (e.g., flash drives) for ransomware and other malware.
➔ Keep all computers fully patched.
➔ Use security products or services that block access to known ransomware sites on the Internet.
➔ Configure operating systems or use third-party software to allow only authorized applications
to run on computers, thus preventing ransomware from working.
➔ Restrict or ban use of personally-owned devices on company networks and for remote access or telework without adding to security.
The Computer Security Resource Center also advises following these tips for work computers:
➔ Use standard user accounts instead of accounts with administrative privileges whenever possible.
➔ Avoid using personal applications and Websites, such as email, chat, and social media, from work computers.
➔ Avoid opening files, clicking on links, etc., from unknown sources without first checking them for suspicious content.
For example, the center says you can run an antivirus scan on a file, or look at a link to see if it goes to the site it claims to be going to.
“Organizations without dedicated cybersecurity professionals should consider establishing
relationships with third-party cybersecurity service providers and using their expertise to assist in improving their protection against ransomware,” the center recommends.
Unfortunately, even with protective measures, a ransomware attack may succeed. Prepare by taking steps to ensure that information will not be corrupted or lost, and normal operations can resume quickly. You can take the following steps:
➔ Implement an incident recovery plan with defined roles and strategies for decision making, and regularly exercise that plan.
➔ Carefully plan, implement, and regularly test a data backup and restoration strategy. It’s important not only to have secure backups of all your important data but also to make sure that these backups are kept isolated so ransomware can’t readily spread to them.
➔ Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement, and understand the role of each contact in recovery efforts.