Home Articles Malware disrupts CNC Machines: Are You Prepared for a Cyberattack?

tarus-gundrill — The controlling PC computer for this gun drill – a Windows-based system that the machine tool builder recommended not running virus protection on as it would “slow down” the computer – was replaced at CS Tool Engineering after a cyberattack. “This is going to be an issue as technology advances with Industry 4.0,” said Don Snow, president of CS Tool Engineering. “Can all of your systems stay up to date to ward off disruptive attacks from their connection with the internet?”

Malware disrupts CNC Machines: Are You Prepared for a Cyberattack?

12/07/2020

By Brittany Willes, writer, The American Mold Builder

Cyberattacks are nothing new. In fact, stories of new malware and ransomware circulate so often that many have become numb to the warnings and red flags. Despite the growing number of incidents and the general acknowledgment that cyberattacks can happen to anyone, too many companies still operate with an “it won’t happen to us” mindset. As a result, they may not be taking proper precautions and safety measures to guard against online threats.
However, even implementing minimum precautions is not likely to be enough in the event of a cyberattack.

“It happened June 24, 2019, at about 9:00 in the morning,” said Don Snow, president of CS Tool Engineering, Inc, Cedar Springs, Michigan. “I’ll never forget it. They were getting in, and it seemed like it just went from computer to computer to computer.” Immediately, Snow contacted the company’s cable provider to have its IP address changed. Unfortunately, even the cable provider was locked out. “At that point, we disconnected from the outside world,” said Snow, “probably prior to getting a ransom note.”

CS Tool was the victim of Ryuk ransomware – a type of malware that blocks and/or corrupts the victim’s data, often until a ransom has been paid. According to CrowdStrike.com, “Ryuk is specifically used to target enterprise environments.” Most often the attack comes in the form of an email attachment that appears to be from a trusted source. In the case of CS Tool, no one is entirely sure how the virus was activated, but it forced the business to a complete standstill for the better part of a week.

“The virus hit all of our CAD computers, our ERP software, and took out some of our CNC machines. Even my gun drill, which has a PC-based operating system, was infected,” said Snow. “There’s absolutely no virus protection for something like that, because who would want to get in and screw up a machine control?”

While it’s hard to find a bright side in the wake of a cyberattack, one positive aspect is that CS Tool learned where its weaknesses were and how to be prepared for future attacks. “First and foremost, have your system mapped out,” said Snow. “What is your network? What are your computers? What are your software licenses? Have those backed up and stored in a separate, secure location so that you still have access to those in the event of a cyberattack.”

This was a lesson hard learned, as shortly after the attack CS Tool lost its in-house IT support. “About four days into the recovery process, I lost my IT people and had to work with an outside source,” said Snow. The company’s backup data was found to be questionable at best, and working with a whole new IT group made the task that much harder. “We ended up having to rebuild the whole network,” he continued – a situation that might have been avoided, or at least less frustrating, had the company’s original IT team made regular backups of all its data. “Have all of your stuff documented,” he advised. “If your IT people go out of business or you want to switch providers, it is crucial to have those backups. If Humpty Dumpty falls off the wall, can someone else come along and, with the documentation you have of what your network was, can they put Humpty Dumpty together again expediently?”

In addition to switching to a new IT provider, CS Tool also made updates to its system. According to Snow, prior to the attack the company had some computers running Windows 95, numerous machines running Windows 7 and only a few running Windows 10. Trying to run virus protection with such a mix was all but ineffective. All systems have since been updated to Windows 10, with personalized passwords for extra protection.

“You get lazy,” Snow admitted. “You get lazy and you get complacent about upgrading. At the end of the day, you can’t be cheap about upgrades. We ended up spending a little over $200,000 in system upgrades, computers and replacements. That’s not even counting what it cost us as a business in terms of lost work.” Considering that it was five weeks before the company was fully operational once more, spending the money upfront to avoid potential lost profit down the line is a smart move.

Another thing that can help offset financial damages as a result of a cyberattack is cyber insurance. “Listen to your business insurance agent when they ask if you’d like cyber insurance,” Snow advised. “We had declined the extra insurance in April and then were attacked in June. A cyberattack is not considered a work interruption, according to our agent. How can it not be? Definitely buy the cyber insurance.”

Cyberattacks can happen at any time, even to the most prepared companies. As Snow stated, “It’s a matter of when, not if. You’re going to get hit with a cyberattack, so be prepared. You can have some of the best IT people and still get hit. Educate your people. Be prepared in the event of losing your IT provider. Backup your data religiously. Always ask yourself, if an attack happens, can someone pick up the pieces of your system and make it work?”