With ransomware attacks on high profile businesses like Colonial Pipeline and JBS Foods in the headlines, HVAC businesses are increasingly asking, “Are we vulnerable too?” or even, “Are we next?”

According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

Although there are various measures that HVAC businesses can take to reduce the risk of becoming a ransomware victim — which can involve a loss of data and production for an indefinite period until it is resolved — managers shaken by the scope of the problem are increasingly turning to expert third party cybersecurity firms for guidance and protection.


Any HVAC Business is a Potential Victim

When Colonial Pipeline was targeted by the DarkSide gang in a ransomware attack this April, it disrupted gas supplies along the U.S. East Coast, causing widespread shortages in multiple states. Colonial Pipeline paid $4.4 million dollars in bitcoin to release their billing system and internal business network, although U.S. law enforcement later recovered much of the payment.

JBS Foods, one of the world’s largest meat processing companies, suffered a ransomware attack this May and paid an $11 million ransom. The Russia-based hacking group REvil is suspected to be behind the attack.

Global ransomware damage costs are predicted to hit $20 billion in 2021, up from $11.5 billion in 2019, $5 billion in 2017, and just $325 million in 2015, according to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac.

Cybersecurity Ventures — the world’s leading researcher and a trusted source for cybersecurity facts, figures, and statistics — expects that businesses will fall victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019, and every 40 seconds in 2016.

Concern over the danger to businesses has even risen to the international stage. NPR reports that at a recent summit in Geneva, “President Biden called on Russian President Vladimir Putin to crack down on cybercrimes. But the Russian leader has shown little interest in combatting an emerging criminal industry in his country that's called ‘ransomware-as-a-service.’”

In the battle against ransomware, the challenge is that essentially any HVAC business with older PCs, networks, firewalls, or operating systems is vulnerable, particularly those that do not immediately update to the latest software to “patch” security issues, according to Yuriy Tatarintsev, manager of technical operations at BTI Communications Group.


Safeguarding HVAC Businesses of All Sizes

While keeping the entire HVAC business’s IT infrastructure and software fully up to date is the goal, even one PC running an older, unsupported version of Windows, for instance, can be “a chink in the defensive armor that invites intrusion,” states Tatarintsev.

So, the fight against ransomware begins with having a companywide process to ensure that all machines are patched with the latest security updates from Microsoft and other applications as soon as they are released.

Next, defending critical HVAC business processes from attack goes beyond simple anti-virus protection that solely reacts to known threats and leaves operations vulnerable to yet unidentified risks.

“We recommend a new generation of advanced antivirus software that does not always depend on identifying known threats or ‘signatures.’ Instead, such software uses artificial intelligence to analyze which PC programs and processes are affected and as soon malicious activity is detected, stops it,” said Tatarintsev.

According to Tatarintsev, email security is also of critical importance today because insufficient precaution in this area is perhaps the leading cause of companies getting ensnared in ransomware.

“Statistically most HVAC companies acquire ransomware when an employee receives a suspicious email that seems legitimate and clicks on an embedded link. This starts the ransomware attack, which then spreads throughout the company network,” says Tatarintsev.

To protect against this hazard, Tatarintsev recommends that HVAC businesses use advanced email spam protection tools that offer significantly more defensive capability than earlier, more rudimentary options.

“The advanced tools not only filter out all potentially malicious emails, but also stop users from going to dangerous website destinations by clicking on links that could start a ransomware attack,” he said. He explains that the tools rewrite all the embedded link Uniform Resource Locators (URLs). So, if a user clicks a URL in an email, instead of linking to a potentially dangerous website, he or she is redirected to a safe location or ‘sandbox.’ The URL is analyzed to determine if it is dangerous, and if it is safe the user is allowed to go to the original website destination.

Since deceptive “phishing” emails designed to start a ransomware attack can appear so similar to authentic emails, Tatarintsev advises that all HVAC employees receive periodic security awareness training. This not only teaches employees how to distinguish the latest potentially dangerous emails, but also sends safe, simulated phishing emails to test their responses on an as needed basis. Employees who fail the test are given additional training, so they will not compromise the business when an actual phishing email-ransomware assault occurs.

If all these defenses fail and ransomware does infect and shut down a HVAC company’s IT network, a reliable back up system should be in place that can quickly restore all critical data.

“If a business’s vital server data is encrypted by ransomware, with a good backup solution data can be restored from the backup,” said Tatarintsev. He notes, however, that some data will be lost, depending on the frequency of backup. Unless these are virtually continuous, a day or even a week or more of current data could be lost.

Moreover, care must be taken as to how data is transferred and saved, so ransomware does not have access to storage sites connected to company networks.

While HVAC businesses can attempt to fight the growing scourge of ransomware in-house, most IT departments do not have the time, resources, or expertise available to deter the constantly evolving threat on a 24/7 basis. As an alternative, an increasing number of HVAC businesses are cost-effectively protecting against ransomware by outsourcing to professional, third-party firms like BTI Communications Group that remotely and continually provide layers of protection with a comprehensive, integrated IT approach.

This strategy can continually deter and detect threats as well as resolve vulnerabilities. Additionally, this eliminates the need to dedicate internal IT staff to these types of tasks. It also minimizes potential loss and even liability if serious harm were to be caused by disrupted company services.

However, even outsourced IT solutions and services are at risk of ransomware attacks and so must be prepared with advanced monitoring and prevention tools. On the weekend of July 3, 2021, Russia-linked hackers were suspected of a mass ransomware attack on Kaseya, a company that provides IT management software. The hackers demanded $70 million.

According to Tatarintsev, BTI Communications Group does not use Kaseya’s products and would not speculate on the incident. However, the first and primary goal of a third-party, integrated IT service is to deliver the foremost level of technical quality that can be delivered reliably for a client’s budget.

“We emphasize the quality and reliability aspects. Where cybersecurity is concerned, any other approach, no matter how seemingly cost beneficial, can be fatal. By putting quality first before short-term economic advantage from cheaper tools, we and our clients end up winning in the end,” said Tatarintsev.

For this reason, only carefully selected software tools and technical solutions should be utilized to ensure its clients are always operating in a high-performance, reliable, and secure IT environment.

“Our persistent threat monitoring and prevention tools identify root causes of threats, reverse malicious attempts in the early stages, and prevent incidents from penetrating our client systems,” said Tatarintsev. “Our 24/7 security operating center provides managed detection and response by continuously watching the environments and reacting rapidly to potential risks, ensuring ongoing protection with the most current security insights and guidance available.”

“We have reason to believe that any malicious code pushed our way from a software vendor would have been stopped by our systems prior to it being able to infect anyone,” concludes Tatarintsev.

With the menace of ransomware continuing to escalate, HVAC businesses of all sizes would be wise to examine options for deterring the threat before being victimized.