As the oil and gas industry depends more and more on digital technologies, it is becoming an increasingly viable target for cyberattacks. While there are various cyberthreats facing the industry, ransomware has taken center stage.

Ransomware has become one of the most, if not the most, prevalent, effective and successful forms of cybercrime. Ransomware is simple to create and distribute and offers cybercriminals an extremely low-risk, high-reward business model for monetizing malware.

Simple On The Inside, Complex On The Outside

Ransomware has the capability to infiltrate networks in the same way that regular malware does. Although it primarily navigates through email, it’s also capable of invading networks via malicious websites, pirated software, etc.

A standout quality of ransomware code is its simplicity. Ransomware is sneaky and sly. This is because unlike many types of traditional malware, in most cases ransomware does not need to remain undetected, i.e. persistent, for long to achieve its goal.

Its ability to be easily implemented is attractive to both beginner and experienced cybercriminals, making it more and more common. Although ransomware has its simplicities, it also has some complex attributes, such as the e-marketing effort that drives its distribution.

Most ransomware employers know their targets inside and out. They tailor their messaging so that they may obtain the most damaging results. It is not uncommon for a ransomware gang to run multiple campaigns at the same time, with tiered pricing based on a variety of parameters such as vertical industry, region, age, etc.

While ransoms have surpassed hundreds of thousands of dollars, the goal is to set a price that makes it either cheaper or easier for the victims to pay the ransom than to recreate or restore the compromised systems, especially when the victim has a sense of urgency, such as critical production or transmission services being disabled.

Ransomware Realities

It can take days to restore from backup, which makes it cheaper and easier for victims to pay the ransom. Consider the oil and gas companies that were affected by Shamoon, the devastating ransomware attack launched by Iranian hackers in 2017. Shamoon targeted Saudi oil and gas manufacturers, wiping and encrypting their networks’ files.

This attack had significant financial implications, as the hackers demanded hundreds of thousands of bitcoin in return for the files. It took affected corporations weeks to recover. Now, with heightened political tensions between the U.S. and Iran, a notable motive exists, and as we have learned from the past, so does the means. With the rumors of a similar attack in the near future spreading throughout the cybersecurity industry, it’s crucial that organizations protect and prepare themselves.

How To Mitigate Risk

Many oil and gas firms don’t have adequate resources to protect themselves against cybersecurity threats. However, there are a number of simple, affordable ways to minimize susceptibility to ransomware. Here are some tips you can follow to mitigate ransomware risk and limit the fallout of a ransomware attack:

  1. Maintain regular and constant backups of important files and consistently verify that the backups can be restored. Be cognizant and filter potentially malicious web sites and emails.
  2. Ransomware is often delivered through the exact same channels as other types of malware. Sometimes it’s even bundled and downloaded together with other types of malware. Avoid common malware delivery tactics such as:
    1. Refrain from downloading pirated software / paid software offered for “free.” Remember—when a paid product is offered for free—you are the actual product.
    2. Don’t download software from any non-trusted sources or websites.
    3. Don’t download key-gen / password cracking / license check removal software.
    4. Don’t open email attachments from unknown / unexpected senders.
    5. Educate users accordingly.
  3. Review cyber insurance plans: make sure they are in line with the level of risk you want from ransomware. Help to innovate the industry by requesting a “ransomware clause” for cyber extortion that would eliminate the inability to publicly disclose and adjust the unrealistically high deductible to be more in line with current ransom demands.
  4. Whether you pay or not, keep in mind that attackers will always try to extract useful data off a compromised machine. Assume all sensitive data on the machine was compromised; this potentially includes usernames and passwords for internal or web resources, payment information and email addresses of contacts.
  5. Consider deployment of advanced anti-ransomware technology, such as RansomFree or RansomBuster, to prevent execution of ransomware, either as a standalone tool or incorporated into the organizational anti-malware platform.
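
One way to carry out the "verify that the backups can be restored" part of tip 1, shown as an added example that is not part of the original article: it records a SHA-256 manifest at backup time, restores the archive into a scratch directory, and reports every file that is missing or differs. The tar.gz layout, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(root, archive):
    """Write a .tar.gz of root and return the manifest recorded at backup time."""
    manifest = build_manifest(root)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(Path(root) / rel, arcname=rel)
    return manifest

def verify_restore(archive, manifest):
    """Restore into a scratch directory; return a list of problems (empty = restorable)."""
    # Use the safe extraction filter where this Python version provides it.
    kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, **kw)
        except Exception as exc:  # any failure to restore is a failed backup
            return [f"archive unreadable: {type(exc).__name__}"]
        restored = build_manifest(scratch)
    missing = [f"missing after restore: {r}" for r in manifest if r not in restored]
    changed = [f"hash mismatch: {r}" for r in manifest
               if r in restored and restored[r] != manifest[r]]
    return missing + changed

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "src")            # constructed sample data
        (src / "scada").mkdir(parents=True)
        (src / "scada" / "setpoints.csv").write_text("pump1,42\n")
        manifest = make_backup(src, Path(work, "good.tar.gz"))
        print(verify_restore(Path(work, "good.tar.gz"), manifest))  # restorable
```

Keep the manifest somewhere the backup job's credentials cannot modify, so a compromised host cannot rewrite both the archive and the hashes it is checked against.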

Finally, if you have not taken precautions in advance, then it might be easiest to pay, and better prepare for the next attack.

Israel Barak is chief information security officer for Cybereason, a Boston-based cybersecurity company.