Russia Has Threatened American Businesses With Retaliatory Cyber Attacks - What Your Business Needs to Know to Protect Itself
Mar 30, 2022 Published Article
As the Russia-Ukraine conflict rages on, Russia’s threat to sponsor cyber-attacks on U.S. companies in retaliation for U.S. sanctions has only increased. In fact, President Biden has issued an official statement calling on “private sector partners to harden [their] cyber defenses immediately” based on “evolving intelligence.”1
Unfortunately, state-sponsored cyber threats are nothing new. The good news is that at least some of the threats come from “known vulnerabilities, for which we have patches available, used by even sophisticated cyber actors to compromise American companies.”2 As they say, history is prologue. Reviewing a few examples of Russian-affiliated cyber-attacks helps us to recommend procedures to protect your business in the future.
In 2020, Russian hackers added malicious code to the computer system of U.S. technology firm, SolarWinds, infecting its clients’ computers when the company sent out an updated version of its code. Some of the largest private companies, and even some U.S. agencies, fell victim to the cyber-attack.3 The far-reaching cyber-attack could likely have been prevented with a simple firewall guarding connections to the internet.4
Hitting even closer to home, consumers felt the repercussions of the April 2021 Colonial Pipeline hack at the pump. In that case, the Russia-affiliated DarkSide hackers were able to breach Colonial’s network with just a username and password, which likely could have been avoided had the company utilized a multi-factor authentication tool.5
In June 2021, a Russian ransomware group committed a cyber-attack on the world’s largest meat processing company, JBS.6 Ultimately, the company paid its hackers $11 million, despite being operational before paying the ransom and despite government recommendations to the contrary.7 It was determined that JBS was a particularly vulnerable target within the food and beverage industry given its computer system protections.8
How to Prepare for Russian-Affiliated Cyber-Attacks
Using what we know about past Russian-affiliated cyber-attacks, you can better prepare your business to handle them. Below is a basic checklist on how to prepare for and respond to these types of cyber-attacks.
- Be Proactive. The best defense against ransomware attacks is ongoing evaluations of computer security systems and internal training of personnel.
- Continuance Operations Plan. Have a plan for how to continue business operations after being hit by a ransomware attack, including by establishing reliable computer continuity and backup systems.
- Refusal to Pay. While the hacker may provide the decryption key or refrain from leaking the materials in response to receiving a ransom payment, neither is guaranteed. Further, the Treasury Department issued an advisory stating that the payment of ransomware demands may result in sanctions.9
- Report. You should advise all relevant authorities about any ransomware attack, including the FBI, the U.S. Treasury Department, and state and local law enforcement.
- Attack and Response Assessment. After a ransomware attack has been mitigated and resolved, a thorough review of the computer system should take place, including, but not limited to, a review of the vulnerability that was exploited. In addition, the continued operations and response plan that was employed should be assessed, including how effective it would have been in response to other types of ransomware attacks.
How We Can Help
Ransomware attacks will only increase in frequency and severity. The Privacy and Data Security Team at Newmeyer Dillion stands ready to assist you with preparing for and responding to any cyber incident, including ransomware. We can assist with a wide range of activities, including:
- Cyber Risk Management
- Employee Training
- Incident Response Planning
- Disaster Recovery Planning
- Breach Coaching and Recovery
- Cyber Liability Insurance Placement
Russia’s threat of state-sponsored cyber-attacks may prove to be just a threat. Nevertheless, your business needs to be prepared to respond now and in the future. Mitigating cyber threats is no longer just the concern of large companies. All businesses must take cyber threats into account to protect themselves and their customers.
9 Generally, OFAC may impose civil liability based on strict liability, so a failure to know whether the action was prohibited is not necessarily a factor that can remove civil liability. Instead, the existence, nature, and adequacy of sanctions compliance programs are factors that OFAC may consider when determining what action to take, including the levying of sanctions.