Technical service provider quickly countered sophisticated ransomware and learned valuable lessons
In July 2021, technical service provider Hoppenbrouwers Techniek was hit by ransomware. Yet the company was able to counter the attack quickly. How did the technical service provider achieve that? And what lessons did it learn from the episode? During WoTS, Dick Klaassen, Industrial MSI project leader at Hoppenbrouwers, will give a lecture on this highly topical subject.
By: Dimitri Reijerman
“The malware struck just before the weekend,” Klaassen tells FHI. “It was a global hacking attack. Software supplier Kaseya, which provides an update program for other software packages, was the victim. The Russian hacking group, REvil, managed to send a piece of its own malware via this package. This 'update' was sent worldwide to various parties that used Kaseya software. This is how we received this ransomware.”
“Immediately after detection, we switched off all systems and activated our cyber insurance. This connected us to a cybersecurity team from Northwave. We immediately created an action plan with the crisis team. Northwave indicated: take into account a week or two before you are up and running again. But our director wanted to do it in two days. We then created a 'washing line' for the laptops and cleaned the systems at all our branches. The backups were also restored. We were 80 to 90 percent operational again on Monday.
“Our employees are continuously kept informed. This way we were able to react quickly and anticipate the situation. On Sunday evening we further informed and activated all our 1,500 employees via a webinar.”
REvil's attacks encrypted the data of hundreds of companies worldwide. To get that back, many companies had to open their wallets. “Although the purpose of a cyber attack is usually to demand a ransom, Hoppenbrouwers did not get to that point, thanks to its quick action. The attackers were also unable to copy or view data from the servers, such as files and/or contact details of contacts,” says Klaassen.
Valuable lessons
In the aftermath of the REvil attacks, Hoppenbrouwers learned many valuable lessons. “We have made different choices in the supply chain of software companies after the evaluations,” says Klaassen. “We also make backups more often and have chosen to phase out certain software.”
He explains the latter choice in more detail: “An attack that we suffered is called a supply chain attack. It enters your company from suppliers. That part is out of your control. Because we now have such a digital society, you are forced to process updates from all kinds of software companies. In the OT world that is just as true. So you are highly dependent on your suppliers in terms of cyber security. You can have everything in order yourself, but you sometimes literally open the door to other parties. That was a big lesson for us. So think carefully about whether the cybersecurity policy of suppliers fits well with your security policy.”
“What you also want is to have good contacts with the right partners in the field of cyber security. They know what the latest developments are. Cyber security insurance can also help companies.”
Furthermore, Klaassen would like to point out during his WoTS lecture that ransomware is one problem, but disrupting society is also increasingly becoming a tool used by malicious people. “Think of attacks on the food or water chain. The chance of this happening is becoming increasingly real. I would also like to make it clear in my lecture that OT and IT systems are almost indistinguishable in the field of cyber security. You need connections between the two to improve productivity efficiency, for example. Moreover, corona has shown that supply chains are becoming far too long, so we have to make more in our own environment. Ukraine shows again that the economy can be hit. All this creates many more connections between IT and OT.”
Would you like to attend this lecture or other lectures in the field of Industrial Cyber Security? Register for free for a visit to the World of Technology & Science 2022.