The Rise of Ransomware: How Fleets are Fighting Back

With proper measures and caution in place, the transportation sector can mitigate these attacks to limit disruption to their daily operations.

James Thew Adobe Stock 263959295
James Thew AdobeStock_263959295

As a significant component of the global supply chain during one of the worst economic downturns in recent history, the transportation industry became a prime target for cybercrime over the last year. Financially motivated to attack this key sector during a time when businesses were overwhelmed (and therefore less likely to detect malicious activity), bad actors seized on this opportunity, ready to make some fast cash.

Ransomware attacks specifically began to pose a more serious threat, looking to bring fleets across the country to their knees, targeting the “easier” victims in dire need to get operations back up and running as soon as possible. So many began to realize this opportunity that ransomware attacks rose by 715% year-over-year in the first half of 2020 alone. However, with proper measures and caution in place, the transportation sector can mitigate these attacks to limit disruption to their daily operations.

Why ransomware?

To avoid becoming the next ransomware victim, it’s important to understand what the threat is. A ransomware attack is when a criminal gains access to a company’s internal system, locking users out, or holding data hostage for a ransom payment. However, most bad actors aren’t in it for the data – that collateral businesses are willing to pay to get it back is the big prize.

A more frightening aspect of ransomware attacks is just how easily a criminal can infiltrate the back end of a company or database. Just a single email with a malicious link can give criminals access to credentials to a company’s system. From that single foothold, the criminal will begin to quietly move through a company’s defenses. Traditional social engineering, like a phony phone call posing as a staff member, can also net unwarranted access to criminals if the staff member falls for the trick.

With the growth in Internet of Things (IoT) devices deployed in factories, warehouses and the trucks delivering the goods, there is an even greater opportunity for bad actors to get into the system. Many devices run on Bluetooth or WiFi technology, which is a vector cybercriminals often take advantage of. Any malice actions toward a device would likely have to be done in close proximity to it, but it’s still a vulnerability businesses should consider when looking at their overall cyber defense strategy.

What’s at stake

Aside from having to pay the cost of the ransom, transportation organizations targeted by these attacks face many risks. The most notable is disruption to daily operations. If locked out of their own systems, a company will not be able to service customers properly, losing access to schedules and missing key delivery times. For one, there’s the potential to lose lines of communication, which would make it difficult for drivers to receive real-time updates from their reporting office and ensure they’re driving optimal routes (e.g. avoiding traffic). Fleets can also face the ultimate risk of losing critical data like contact information, determined routes and safety data that would have long-term impacts on the business.

Additionally, there are reputational risks that need to be considered. When news spreads about ransomware hurting an organization, there will be a prolonged impact. Current customers can be inclined to switch to a different provider and signing new customers will prove a challenge when negative press associated with the attack surfaces.

How fleets can fight back

Downtime due to a ransomware attack simply isn’t an option for most transportation companies. To ensure they are protected from potential incidents, there are several steps they should take.

Education. The first step is educating the workforce. It doesn’t matter if it is a small fleet with fewer than fifty employees or a large provider with thousands – all staff from top to bottom must have a basic security education to reduce the risk of putting the company in a compromised position. To start, invest in trainings that teach what suspicious activity to be on the lookout for (e.g., phishing emails). Also consider holding internal drills so any potential breach can be correctly addressed when the time comes.

Preparation. Fleets must also take a look at all of their business processes to determine what’s the most critical and ensure there are proper back up methods in place in the event of an incident. For example, if a fleet’s communication or scheduling system goes down, they can identify how and when they should revert to paper and pencil methods until their solution is back up and running.

Outside support. Organizations should have a relationship with a third-party that can assist with planning and response. For example, a business can connect with a security vendor to help build up security defenses or run mock attacks to make sure the company is prepared to respond. Although this can seem like an expensive step, the cost is far cheaper than the downtime. There’s also an opportunity to build relationships with law enforcement agencies like the FBI. For many, this may seem like an unnecessary step, but being able to accurately report a ransomware attack to a connected source can help with recovery and increase the chances of the criminal being brought to justice.

Ransomware and security threats continue to be a focal issue for the entire transportation industry. The supply chain will remain a major factor of the overall economy, and as a result, companies that take part in the movement of goods will remain high-value targets for cybercriminals. As the backbone of the supply chain, it’s critical for the transportation industry to remain protected and taking these preliminary steps can help.