According to SEC documents, the attack hit the company on March 20, 2021. The ransomware encrypted Sierra’s internal IT network. The impact was that this prevented personnel from accessing internal documents and systems related to manufacturing and planning. In turn, this led to the company shutting down its manufacturing sites, most of which require up-to-date access to customer orders and product specifications.
The company does not yet know when production will come back online and it’s unclear if the attackers were able to steal any sensitive information. If you plan on covering this incident,
To gain an insight into the significance of the attack, Digital Journal caught up with Matt Sanders, Director of Security at LogRhythm.
Sanders says: “This is an example of the reach a ransomware attack can have on a business. Unfortunately, Sierra Wireless’ entire production has halted. When a company falls victim to ransomware, the pressure to get back to normal business operations is considerable. The ability to do so in a timely manner is pivotal to the company’s ability to continue operating.”
With the specific case, Sanders notes: “Sierra Wireless will now need to determine if sensitive information has been stolen. They need to determine how the bad actors were able to access the network and remediating appropriately is critical, in addition to assessing whether the attackers have deployed means of persistence.” One of the example is with bad actors getting onto a system and then waiting of the right opportunity to attack.
In terms of what happens when a ransomware attack happens, Sanders says: “Recovering from a ransomware attack takes time, and a pre-written incident response plan will prove invaluable. Aside from planning their response to a successful attack, organizations should keep their prevention and detection technologies.”
The ultimate preventative measures are, Sanders says: “A properly configured security monitoring solution that has full visibility into the environment with an automated response capability will help organizations identify malicious activity and thwart bad actors before a ransomware attack happens.”
