Which industry is most prone to cyberattacks involving ransomware?

Construction, actually, according to a report by NordLocker, a global encryption software firm owned by NordSecurity. 

What makes the construction industry such a lucrative target for ransomware gangs? The very nature of the business: striving to complete projects on time and on budget.

“The reputation of firms in this industry is largely built upon on-time service delivery, which is at risk during any delays caused by ransomware attacks,” said Oliver Noble, NordLocker cybersecurity expert. “Similarly, the industry’s relatively thin profit margins make a ransomware payout more likely, as many companies cannot afford a prolonged standstill of operations.”

Ransomware is a computer virus that takes over the target device, restricts the owner’s access, and demands the victim pay a ransom to get their device back, Noble said. First created in 1989, ransomware has been used to blackmail individuals for a $100 payout and extort corporations for tens of millions of dollars. Modern ransomware can steal files, target locally stored backups, spread through the network and “even bring municipalities to a standstill.”

A device can get infected through a malicious email, a spoofed website or in many other ways, Noble said. Then, the attackers may scan the device for something valuable or, if pressed for time, start encrypting everything at once. After encrypting the data, the ransomware will display a ransomware note with detailed instructions on how to create a cryptocurrency wallet and send bitcoin to the attackers’ address.

In 2021, ransomware has escalated to thousands of attacks per day and is predicted to cost businesses more $20 billion, he said. Most successful attacks might be left undisclosed, but after researching 1,200 ransomware cases made public by hackers over the last two years, NordLocker found that some types of businesses get breached more often—with construction on top.

Within the construction industry, some of the more notable companies that have been hit with ransomware attacks include one of the biggest construction companies in France, a North American homebuilder and an Asian-based group of construction engineering companies.

But it’s not just large companies—mom-and-pop businesses are vulnerable as well, Noble said.

“Small construction contractors usually do not have the same cybersecurity checks in place as larger businesses, making them an easier target for ransomware attacks,” he said. “Additionally, construction could be a tempting target to ransomware gangs because many companies in this industry are yet to recognize the importance of cybersecurity and implement advanced solutions,” or train their employees, who continue to be “the weakest link.”

In fact, 85% of all data breaches involve the human element, Noble said.

“New threats emerge regularly; therefore, it is vital to be vigilant and keep your staff updated on any developments,” he said. “Make known that every employee, from top to bottom, is relevant to the company’s cybersecurity. Regularly brief the board members on cybersecurity happenings, and once in a while run company-wide cybersecurity knowledge tests.”

These are specific strategies to protect companies from cyberattacks:

• Ensure employees use strong and unique passwords when connecting to company systems. Implementing multifactor authentication is also important.
• Train staff to identify phishing signs, especially when an email contains attachments and links.
• “Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution.”
• “Adopt zero-trust network access, meaning that every access request to digital resources by a member of staff should be granted only after their identity has been appropriately verified.”
• “The physical aspects of security are just as important as their digital counterparts. They range from trespassing events, such as piggybacking or tailgating, to locking the workstation when not at the desk. If applicable, establish clear remote-work protocols, such as avoiding public Wi-Fi."