What Construction Business Owners Should Know

Cybersecurity in construction is an increasingly urgent concern in the built world, and one of the threats that looms the largest is ransomware. 

Indeed, according to software company Nordlocker, construction companies were the number one target of ransomware attacks in 2021. 

As alarming as this fact may be, it is to be expected: Construction is a profitable business of nuts-and-bolts that hasn’t quite adjusted to the idea that it might need an IT department. The technological evolution of the industry is slow, and yet digitization has undeniably begun to enmesh itself within every layer of construction. This has brought a multitude of benefits, but it’s not without its perils. The shift to mobile devices in the field, and software solutions and cloud-based digital infrastructure at the back office–especially during a pandemic that has seen so many of us working from home–has opened up a wide variety of new system that need to be properly secured. Unsurprisingly, vulnerabilities and attack surfaces have emerged in recent years. 

Online threats can take many forms, but as far as construction is concerned, ransomware appears to be the cyberattacker’s weapon of choice. So, what exactly is ransomware, how does ransomware get on your computer, and what can construction companies do to prevent it?  

Let’s investigate. 

Ransomware is an increasingly common form of something called malware, or “malicious software” designed for the express purpose of disrupting computer systems. Malware is used for a wide and stunning variety of purposes, whether it’s to hack a credit card company to steal sensitive financial information or to infiltrate and shutdown a nuclear powerplant.  

There are many different types of creatively named ransomware attacks out there in the wild, but they generally fall into two broad categories, according to cybersecurity firm Datto. These categories are Crypto Ransomware and Locker Ransomware. A computer infected with ransomware will have whole chunks of its data encrypted (Crypto Ransomware), or sometimes the device itself is held hostage, rendered completely inaccessible (Locker Ransomware). Unlike many forms of malware that run silent in order to avoid detection, ransomware loudly announces its presence. A simple email or popup window might appear declaring that a cyberattack has been made and it will only be called off in exchange for a ransom of cash or cryptocurrency.  

A ransomware infection can occur in a number of different ways, but according to cybersecurity firm Comodo, there are two main vectors of transmission. 

1. The first method of ransomware infection is spam, or phishing emails. These are email messages that are designed to look like they’re coming from a legitimate or official source to trick you into letting your guard down. The long-running “Nigerian Prince” scam is a common example of a phishing email. These messages often contain links or attachments that will install ransomware onto your computer if you click on them. 
2. The second common method of ransomware infection is through something called an exploit kit. An exploit kit is a line of code or string of computer commands that take advantage of a vulnerability in a computer or piece of software. Instead of targeting individuals with emails, cyberattackers who use exploit kits often embed them into websites on the internet that they’ve either hacked or created from scratch. Anyone who visits these websites will unwittingly be exposing themselves to the exploit kit, which will begin scanning their operating systems for vulnerabilities. If any are found, the ransomware will be installed, and the hostage negotiations will begin.  

Ransomware Examples: How Has Ransomware Been Used Against Construction Companies? 

The prevalence of ransomware has increased dramatically in recent years. According to the 2022 Cyberthreat Report by cybersecurity firm Sonicwall, there were 623.3 million ransomware attacks across the globe in 2021, a 105% increase from the previous year. The cost of these attacks is staggering: According to the U.S. Financial Crimes Enforcement Network (FINCEN), there was about $590 million in ransomware related criminal activity in the first half of 2021 alone, a 42% increase from 2020. Of the organizations that were targeted, about one in ten ended up paying more than $1 million in ransom.  

And as we’ve already touched on, the construction industry is uniquely vulnerable to these types of attacks. Nordlocker has reported that 93 construction companies were the victims of ransomware attacks in 2021. In early 2020, high-profile French company Bouygues Construction was hit with a ransomware attack that led to the shutdown of some of the multinational’s vital computer systems. The attack was carried out by a nasty strain of ransomware called Maze, which also infected the computer systems of Canada-based Bird Construction around the same time. 

Why Is Construction So Vulnerable to Ransomware?  

According to Oliver Noble with Nordlocker, the industry’s business model may be partially to blame. 

“The reputation of firms in this industry is largely built upon on-time service delivery, which is at risk during any delays caused by ransomware attacks,” Noble said. “Similarly, the industry’s relatively thin profit margins make a ransomware payout more likely, as many companies cannot afford a prolonged standstill of operations.” 

Another issue is that construction has begun to adopt a wide range of nascent technologies that are vulnerable to cyberattacks. Wearable tech like smart glasses and exosuits, as well as Internet of Things (IoT) devices all present enticing opportunities for enterprising cyberattackers. Consider how easily unsecured Amazon ring cameras have been taken over; it’s not inconceivable that a ransomware infection might take root within a smart headset during an onsite inspection or augmented reality (AR) safety training exercise. 

1. Hire a Construction Technologist
2. Backup Your Data and Systems
3. Train Your Workers
4. Keep Your Software Up to Date
5. Create a Cyberattack Response Plane 

Hire a Construction Technologist 

You know the old saying: If you want something done, hire someone with the skills and competencies for the job. Seriously though, if you work in construction and you’re worried that your company’s online presence might be vulnerable to attack, the best thing you can do is to bolster your team with a construction technologist. 

Cybersecurity isn’t just a one-time product that you can purchase software to provide or hire an individual to create. Cybersecurity is a day-to-day, moment-to-moment practice that requires education and the participation of everyone on your team. Make sure each of your fellow workers knows what ransomware is and has received the best training possible on how to avoid it, and what to do in the unfortunate event of an attack. If you’re looking for guidance and trainings, a great place to start is the CISA’s website, which provides an excellent Ransomware Guide complete with best practices and a variety of free online cybersecurity training modules.