urban-gro's Vice President of Technology, Ryan Ninness, was interviewed by MJBizDaily on how cannabis companies can protect themselves from the onslaught of ransomware.
Even as ransomware attacks on high-profile mainstream companies such as Colonial Pipeline and JBS Foods have grabbed headlines in recent months, cannabis companies appear largely unprotected from malicious actors launching such schemes.
That could prove costly to any marijuana companies that fall victim to the crime, which forces targeted businesses to pay a ransom to regain access to data and files that have been stolen and then locked or encrypted.
With the onset of the coronavirus pandemic and the resulting remote workforce, ransom attacks last year were up 150% over 2019 and the amount victims of the attacks paid rose more than 300%, according to the Harvard Business Review.
Efforts to detect and report ransomware payments are critical to preventing and deterring ransomware attacks and holding the attackers accountable for their crimes, according to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN).
“As the past few months have demonstrated, the surge in ransomware attacks threatens our critical infrastructure, municipalities and the most vulnerable among us and is increasingly impacting the lives of the American people,” Michael Mosier, FinCEN’s acting director, said in a July news release.
But most cannabis companies haven’t taken steps to defend themselves against ransomware attacks, according to an informal MJBizDaily survey conducted in July.
Of the 41 people responding to the poll, 59% said their marijuana companies had not taken steps to prevent attacks, while 41% said the businesses had.
Ransomware is a nefarious hack that takes control of a company’s files and data and locks them.
The attackers gain access through a phishing email that deploys malware when an unsuspecting employee clicks on a link. Attackers typically want to be paid in cryptocurrency to allow the targeted company to retrieve the stolen data and files.
Cannabis companies are vulnerable for different reasons:
- The perception exists that marijuana businesses are flush with money and can easily afford to pay to retrieve their data.
- They typically don’t have strong information technology departments.
“You have to think about how cryptolockers and ransomware works to understand how vulnerable you are,” said Ryan Ninness, vice president of technology at Urban-Gro, a cannabis cultivation facility design and engineering firm based in Lafayette, Colorado.