February’s cyberattack on aerospace precision parts manufacturer Visser Precision in Denver, Colorado shows the new pressures that DoppelPaymer ransomware places on the supply chain.
Rather than encrypting a victim organization’s data and demanding a ransom to unlock the stolen data, DoppelPaymer ransomware removes data from the victim organization and threatens to dump the data into public view unless the ransom is paid. The “data-dump” exerts pressure above and beyond former ransomware methods. In the words of security awareness advocate Javvad Malik in a Forbes article on the breach, “even if the organization has backups in place, or can resume operations, the threat of leaking or selling commercially sensitive data and intellectual property will remain.” DoppelPaymer pressures both the target organization and downstream customers whose data is being published.
Visser supplies parts to high-flying customers such as Tesla, SpaceX and Lockheed Martin, and the recent attack against it highlights how evolved cyberattacks pose risk to reputation and the bottom line. Visser’s nondisclosure agreements with both SpaceX and Tesla, sales contact lists, tax forms, receipts and proprietary missile designs were launched into public view in the attack. The damage to Visser from this attack is potentially far-reaching and long-lasting because:
DoppelPaymer ransomware brings the “to pay or not to pay” dilemma to mind. While paying the ransom to recover the stolen data should be avoided to the furthest extent possible, several factors come into play when deciding how to recover from cyber-extortion. Many executives’ fiduciary responsibilities legally bind them to act in a company’s best interest. The decision whether or not to pay a ransomware extortionist involves deciding if paying is cheaper than attempting to recover the data.
While reputational risk is hard to quantify, loss of current and potential customers has a definite value. Ransomware variants such as DoppelPaymer and Maze have added layers of financial complexity to cyber incident recovery. When regulated data like personal information is involved, fines from the regulatory side can bring the cost up (in addition to the extortionists’ financial demands).
With ransomware attacks, we typically think about the immediate response: marshaling resources for incident response activities and communication, as well as containment through endpoint protection and file recovery. But the plot twists introduced by ever-more sophisticated cyberattacks emphasize the necessity of understanding the impact of a breach where your organization’s confidential information is entrusted to another party. When assessing the cybersecurity risk of a third party, confidence in your vendor’s ability to respond to a ransomware attack is essential.