Not a great deal has changed in the information security field over the last bit of time: despite valiant efforts by security professionals, it's really bad out there with lots of successful attacks most weeks.
One of them struck a household name, car maker Jaguar Land Rover (JLR), owned by India's Tata Motors since 2008. JLR was hit by the HellCat ransomware group late in August, and has struggled to recover from the attack ever since.
In fact, this could be the second time JLR was done, if security vendor Hudson Rock is correct. Hudson Rock documented an attack on JLR in March this year by HellCat, saying it mirrored a pattern previously detected with other high-profile victims such as Spain's Telefónica, Schneider Electric and European telco Orange.
To give you an idea how bad the attack is, the British government has now stepped in and backed a loan to JLR of NZ$3.5 billion, to be repaid over five years. The reason is not only JLR being on the ropes with 34,000 jobs being threatened, but a further 120,000 people's livelihood hanging in the balance, being part of the car maker's extensive UK supply chain.
Many suppliers were staring bankruptcy in the face, as they were not getting paid by JLR.
That's three factories shut due to incident, and 1000 cars a day not being made. Losses from the four-week closure are around NZ$464 million and it appears JLR was not insured against cyber attacks.
JLR is trying hard to get car production back up and running by next month, and said it has managed to restore its invoicing processing systems so that it can work through a backlog and pay its suppliers, and the parts distribution system is operational as well.
"This will enable our retail partners to continue to service our clients’ vehicles and keep our customers mobile," JLR said.
Soon after the JLR attack, European airports in London, Berlin, Dublin and Brussels found themselves unable to check in passengers, as software provider Collins Aerospace was struck by ransomware.
You may have heard of LockBit, a notorious piece of ransomware. It was "disrupted" as security vendors call it last year, and thought to have shut down but LockBit is back with version 5.0 which looks very professionally developed, and runs on Windows, Linux distributions and VMware virtualisation infrastructure. LockBit's now coming up to five years of existence.
There's much finger-pointing going on at the moment, including the obligatory "wake-up call" headlines. Nothing concrete as such is being put forward that would put an end to a scourge of hacks and attacks that literally threaten nations' economies.
Clearly whatever's being done to halt ransomware and other cybercrime isn't working, and has not worked for well over a decade now. You don't need to look particularly deep to see why either, as Russia is where most of the ransom money's headed; along with North Korea, that nation has "financial incentives" to keep the ransomware business going. Digital extortion is now well established, professional and follows the as-a-service model. Quite the cost-of-doing-business burden.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.