Cybersecurity in construction is an increasingly urgent concern in the built world, and one of the threats that looms the largest is ransomware.
Indeed, according to software company Nordlocker, construction companies were the number one target of ransomware attacks in 2021.
As alarming as this fact may be, it is to be expected: Construction is a profitable business of nuts-and-bolts that hasn’t quite adjusted to the idea that it might need an IT department. The technological evolution of the industry is slow, and yet digitization has undeniably begun to enmesh itself within every layer of construction. This has brought a multitude of benefits, but it’s not without its perils. The shift to mobile devices in the field, and software solutions and cloud-based digital infrastructure at the back office–especially during a pandemic that has seen so many of us working from home–has opened up a wide variety of new system that need to be properly secured. Unsurprisingly, vulnerabilities and attack surfaces have emerged in recent years.
Online threats can take many forms, but as far as construction is concerned, ransomware appears to be the cyberattacker’s weapon of choice. So, what exactly is ransomware, how does ransomware get on your computer, and what can construction companies do to prevent it?
What Is Ransomware and How Does It Work?
As with any tech-related concept, defining ransomware is tricky business: Thanks to the rapid speed of change online, any description is apt to turn up stale the moment it’s put into words. We will nevertheless take a crack at it.
Generally speaking, ransomware refers to the ever-changing array of digital tools that internet hackers and other malicious online figures use to coerce individuals and institutions into taking certain actions or providing payment in exchange for compromised or captured data.
Ransomware is an increasingly common form of something called malware, or “malicious software” designed for the express purpose of disrupting computer systems. Malware is used for a wide and stunning variety of purposes, whether it’s to hack a credit card company to steal sensitive financial information or to infiltrate and shutdown a nuclear powerplant.
There are many different types of creatively named ransomware attacks out there in the wild, but they generally fall into two broad categories, according to cybersecurity firm Datto. These categories are Crypto Ransomware and Locker Ransomware. A computer infected with ransomware will have whole chunks of its data encrypted (Crypto Ransomware), or sometimes the device itself is held hostage, rendered completely inaccessible (Locker Ransomware). Unlike many forms of malware that run silent in order to avoid detection, ransomware loudly announces its presence. A simple email or popup window might appear declaring that a cyberattack has been made and it will only be called off in exchange for a ransom of cash or cryptocurrency.
How Does Ransomware Get on Your Computer?
A ransomware infection can occur in a number of different ways, but according to cybersecurity firm Comodo, there are two main vectors of transmission.
- The first method of ransomware infection is spam, or phishing emails. These are email messages that are designed to look like they’re coming from a legitimate or official source to trick you into letting your guard down. The long-running “Nigerian Prince” scam is a common example of a phishing email. These messages often contain links or attachments that will install ransomware onto your computer if you click on them.
- The second common method of ransomware infection is through something called an exploit kit. An exploit kit is a line of code or string of computer commands that take advantage of a vulnerability in a computer or piece of software. Instead of targeting individuals with emails, cyberattackers who use exploit kits often embed them into websites on the internet that they’ve either hacked or created from scratch. Anyone who visits these websites will unwittingly be exposing themselves to the exploit kit, which will begin scanning their operating systems for vulnerabilities. If any are found, the ransomware will be installed, and the hostage negotiations will begin.
Ransomware Examples: How Has Ransomware Been Used Against Construction Companies?
The prevalence of ransomware has increased dramatically in recent years. According to the 2022 Cyberthreat Report by cybersecurity firm Sonicwall, there were 623.3 million ransomware attacks across the globe in 2021, a 105% increase from the previous year. The cost of these attacks is staggering: According to the U.S. Financial Crimes Enforcement Network (FINCEN), there was about $590 million in ransomware related criminal activity in the first half of 2021 alone, a 42% increase from 2020. Of the organizations that were targeted, about one in ten ended up paying more than $1 million in ransom.
And as we’ve already touched on, the construction industry is uniquely vulnerable to these types of attacks. Nordlocker has reported that 93 construction companies were the victims of ransomware attacks in 2021. In early 2020, high-profile French company Bouygues Construction was hit with a ransomware attack that led to the shutdown of some of the multinational’s vital computer systems. The attack was carried out by a nasty strain of ransomware called Maze, which also infected the computer systems of Canada-based Bird Construction around the same time.
Why Is Construction So Vulnerable to Ransomware?
According to Oliver Noble with Nordlocker, the industry’s business model may be partially to blame.
“The reputation of firms in this industry is largely built upon on-time service delivery, which is at risk during any delays caused by ransomware attacks,” Noble said. “Similarly, the industry’s relatively thin profit margins make a ransomware payout more likely, as many companies cannot afford a prolonged standstill of operations.”
Another issue is that construction has begun to adopt a wide range of nascent technologies that are vulnerable to cyberattacks. Wearable tech like smart glasses and exosuits, as well as Internet of Things (IoT) devices all present enticing opportunities for enterprising cyberattackers. Consider how easily unsecured Amazon ring cameras have been taken over; it’s not inconceivable that a ransomware infection might take root within a smart headset during an onsite inspection or augmented reality (AR) safety training exercise.
How to Prevent Ransomware in the Construction Industry
Now that we’ve established what exactly ransomware is and the construction industry’s unique vulnerability to it, you probably want to know: how can I avoid becoming the next victim of a ransomware attack?
Here are 5 steps you can take right now to protect yourself and help prevent ransomware:
- Hire a Construction Technologist
- Backup Your Data and Systems
- Train Your Workers
- Keep Your Software Up to Date
- Create a Cyberattack Response Plane
Hire a Construction Technologist
You know the old saying: If you want something done, hire someone with the skills and competencies for the job. Seriously though, if you work in construction and you’re worried that your company’s online presence might be vulnerable to attack, the best thing you can do is to bolster your team with a construction technologist.
Construction technologists are adept at handling all things related to the digital side of construction. These tech gurus are in charge of ensuring that all the gadgetry within your company runs smoothly and efficiently. It’s their job to oversee all your online and computer-based holdings, which includes everything from ensuring proper security protocols are followed, providing cybersecurity trainings to personnel, and creating a cyber attack response plan.
Backup Your Data and Systems
Cyberattackers can’t hold your data hostage if you still have access to it. Talk to your construction technologist about creating an automatic backup system that creates duplicates of all your data and stores the copies in a separate, secure, offline, and encrypted location that only a select few individuals within your organization have access to. This strategy only works against Crypto Ransomware (when only segments of data are encrypted as opposed to entire devices), which is why you may also want to consider investing in backup systems: keeping templates on-hand for rebuilding software tools, databases, and webpages that become compromised; along with retaining backup hardware in the event that a device or computer system becomes inaccessible.
Train Your Workers
Cybersecurity isn’t just a one-time product that you can purchase software to provide or hire an individual to create. Cybersecurity is a day-to-day, moment-to-moment practice that requires education and the participation of everyone on your team. Make sure each of your fellow workers knows what ransomware is and has received the best training possible on how to avoid it, and what to do in the unfortunate event of an attack. If you’re looking for guidance and trainings, a great place to start is the CISA’s website, which provides an excellent Ransomware Guide complete with best practices and a variety of free online cybersecurity training modules.
Keep Your Software Up to Date
Ransomware can’t infect your computers if there are no vulnerabilities for them to exploit. You can stay one step ahead of cybercriminals by fortifying your systems and deflecting attacks before any infections can take root. Ransomware is much more likely to fail when the software and applications on your computer system are fully up to date, with any detected weaknesses patched.
Create a Cyberattack Response Plan
How you respond to a cyberattack when it happens can be just as critical as the steps you take to prevent one. Precious time can be lost in the confusion and a situation that may be salvageable can end up worsened in the midst of a panic. You can avoid a messy response by consult with your construction technologist on a detailed plan for precisely what to do if and when a ransomware note appears on your screen.
Ransomware is a growing threat that construction professionals need to begin taking more seriously, especially in light of the fact that our industry is the number one target for this type of attack. Thankfully, there’s plenty of preventative steps we can take to protect our vital computer systems and ensure that the mission critical data of our clients, employees, and projects are never held for ransom.