Delta Electronics’ security policies were crucial in mitigating the impacts of the ransomware attack they suffered at the hands of the Conti ransomware gang. The Taiwanese supplier said that they took the necessary actions to protect critical equipment and systems and it is refreshing to see how seriously large supply chain organisations are taking security. However, it goes to show how sometimes, this is not enough to stop attackers.
Although Conti have encrypted 1,500 servers and 12,000 computers and are demanding a $15 million ransom payment, Delta Electronic has managed to mitigate the impact of the cyberattack. Organisations that are put in the stressful position of being held to ransom can end up with their reputation being damaged, and delays in their supply chain, which ultimately effects their customers. After the initial ransomware attack, businesses then have the lingering fear of a double or triple extortion attack with criminals returning and threatening to publish data on the dark web if they do not receive a second payment.
Organisations like Delta, that supply to other large businesses such as Apple and Tesla, are always at risk from a ransomware attack. Past examples such as the Colonial Pipeline attack shows the impact of ransomware attacks on supplier organisations with halted fuel supplies and distribution, ultimately leading to fuel shortages. Threat actors know that these supplier companies are more likely to pay ransom demands as they can’t afford for their distribution to be halted, and with Delta reportedly entering negotiations with Conti, their theory seems to have been true on this occasion. With suppliers being a main target for hackers, organisations need to shift their mindset to preventing cyberattacks instead of mitigating the impacts.
Most solutions, like endpoint detection and response (EDR), need an attack to execute before it can identify activity as malicious or benign, which is too slow when the fastest ransomware attacks can encrypt data within 15 seconds. Organisations need to invest in solutions that use technology, such as deep learning, which can deliver a sub-20 millisecond response time to stop malware pre-execution and before it can take hold. With preventative solutions such as deep learning on the market, organisations will no longer have to fear supply chain attacks like we’ve witnessed with Colonial Pipeline and Delta. Instead, organisations will be resistant to the demands of ransomware gangs, and they’ll be the ones left with the nasty shock.