Cybersecurity Alert: Ransomware in the Construction Industry

Given the size and volume of cash and wire transactions that take place in the construction industry, contractor firms are prime targets for cybercriminals looking to access client information, steal money and intellectual property, or encrypt data for ransom. A ransomware attack is just one way a cyber thief can cripple a small-to-medium-size construction company, rendering it bankrupt.

What is ransomware?

Ransomware is type of malware that takes over a computer (or many computers on a network) and encrypts the data stored on the machine, preventing the owner from accessing it. The attacker then demands a ransom to regain access. If the ransom is paid, the cybercriminal will send instructions to obtain a “key” to decrypt the data. If the ransom isn’t paid, the individual or organization loses access to the encrypted data permanently and must restore the information from their most recent backups. Worse still, the ransom is normally paid in bitcoin, a form of cryptocurrency that’s hard to trace. In 2017, ransomware cost businesses more than $75 billion; those figures are likely to rise in 2018 and 2019. Ransomware can affect both organizations and home users.

How do computers become infected?

The majority of ransomware infections begin with a phishing email. An attacker will send an email with an attachment that will download the malware when it’s opened. Another phishing attack uses a link that downloads the malware when clicked. The malware can also be spread by a drive-by download, which occurs when a user clicks on a compromised website.

How can organizations or individuals protect themselves?

Humans are the main entry point for ransomware infections, so education is the best line of defense. A robust security awareness program that includes phishing exercises is the best way to train end-users to avoid clicking suspicious email or links and infecting the network.

There are also technical ways to minimize the risk of being compromised. A strong anti-malware product can block the ransomware from downloading. Implementing URL blocking within email programs can also mitigate infection. If a user can’t click on a malicious link, they won’t be able to download the attached malware. Disabling macros in the Microsoft Office Suite is another way to stop potential infection from attachments.

What if a computer or network becomes infected?

The best way to recover from an infection is to have system backups. IT administrators should be backing up data regulary and testing backups to ensure the data is good and can be recovered. Good backups will prevent an organization from losing data and enable users to return to work quickly.

Who can help?

The Elliott Davis cybersecurity consulting team can perform a security assessment to evaluate the strength of an organization’s cybersecurity program and identify potential vulnerabilities. Our professionals can also work with clients to implement a security awareness program, and then test employees via phishing exercises to gauge how adept they are at detecting malicious emails.

For more information, contact Brian Kirk, practice leader for Elliott Davis’s Cybersecurity practice, at 864.242.2606 or brian.kirk@elliottdavis.com.