Ransomware Hits The Auto Recycling Industry
Most people can remember exactly where they were when major life events occurred. Marty Hollingshead remembers July 7, 2019, at 3:30 p.m. clearly.
“It was a Sunday, and I was ready to leave work when I saw on the screen of my server what turned out to be one of my worst nightmares,” said Hollingshead, who is the owner of Northlake Auto Recyclers in Hammond, Ind. “The message on the screen said that all of my files had been encrypted. After making a few calls - one of them being to the person I hired to protect my network - I found out that I got hit with ransomware.”
Ransomware is malicious file-encrypting software designed to block access to a user’s systems until a ransom is paid.
Hollingshead, a vocal member of the auto recycling industry, frequently stresses the importance of protecting and securing data and networks, so being hit with ransomware in his company came as a surprise.
“We invested a lot of time and money to ensure that our network and our data was secure, so this came as quite a shock to me. As we looked into it, we found that they had encrypted all of my backup files, which is all of my critical data. We also run a local backup to an external hard drive, but because I had it still plugged in, they scrambled that too,” explained Hollingshead. “The only correct fix in a case like this is to do a restage and rebuild on your server, and this can be devastating if you do not have a current backup.”
Northlake wasn’t the only recycler hit that weekend.
“On my way into work on Monday morning, I got a call from another recycler telling me that he also got hit with ransomware. Now I knew I wasn’t alone, and it probably wasn’t something that we were directly responsible for,” said Hollingshead. “As the day went on, the news hit that more and more recyclers got tagged. I found out that this ‘attack’ hit everyone around 3 p.m. CST on that same Sunday. So, for most, this was designed to be quite a shock after a long holiday weekend. While the severity varied, and Northlake was lucky, some folks were shut down completely.”
Because he wanted to get to the bottom of the attack, Hollingshead asked his IT staff to find out how the attackers infiltrated the server and what they were asking for ransom.
The price was $4,500 USD in bitcoin. But paying would have been a mistake.
“I was advised that it would be a bad idea to pay them anything, and even if I did, there was no guarantee that I would get my files unlocked,” said Hollingshead.
The attack appears to have centered on Hollander customers and traced back to a problem with a third-party, top-tier provider that Hollander uses for remote customer support. Hollander wasn’t the only victim, either. As of press time, there have been more and more instances of other businesses falling victim.
According to a recent Malwarebytes threat report, overall ransomware detections against businesses between the second quarter of 2018 and the second quarter of 2019 have risen by 363 percent.
“This isn’t going away,” said Hollingshead. “The important thing to realize here, is that the bad guys are making a lot of money from this. As long as they are making money, these kinds of acts will continue.”
So how can recyclers protect themselves? Hollingshead offered six tips:
1. Do daily local backups of your data and images. Invest in a removable hard drive and disconnect the drive when done. Store this hard drive in a separate building. This will be the best way to restore your data in the event of a loss.
2. Make sure you have passwords that aren’t simple or easy to guess. You should also change them periodically.
3. If you don’t have virus protection, get it and make sure you are running updates for your virus protection. Check that all operating systems and programs have the latest updates and patches installed.
4. Use caution when browsing the internet. Limit uses to business purposes only. Never click on links or open attachments on any unsolicited emails. If you don’t know who the email came from or are unsure, delete it.
5. Have spam filters to scan all incoming and outgoing data to detect any threats and filter executable files from reaching the end users. Have firewalls in place and configure them to block any access to any known malicious IP addresses.
6. Know and limit who has access to your server. Restrict their permission to install and/or run software applications. Make sure they have no open (pinned) applications running. In other words, once they are done, do not leave the door open.
Another option gaining traction is to add cyber risk coverage to your insurance policies. Although a relatively new option, it could prove beneficial if your yard is hit with ransomware.
According to the International Risk Management Institute, coverage for losses associated with ransomware is available within cyber and privacy insurance policies. Although it varies by insurer, items covered may include monies to pay ransom demands, the cost of hiring experts to negotiate with hackers and the cost of computer forensics experts who can determine how hackers gained access to the insured's computer system and then make recommendations on how to prevent future incursions.
“I can tell you that this has been one heck of a painful lesson for me, but it has made us smarter,” said Hollingshead. “Like the old saying goes, ‘What doesn’t kill you makes you stronger.’”