Ransomware is a major threat to Iowa. The state’s unique circumstances make it a target for ransomware. Iowa, largely considerd the agricultural capital of the United States has several critical industries. At the same time, the state has limited options for handling a ransomware attack due to its comparateively thin cyber security industry. Here is why ransomware can be uniquely devastating to Iowa.
Iowa’s Industries are Critical
Iowa is considered the agricultural capital of America because it is home to several key agricultural industries. Iowa is a huge meat packer, processing more pigs than any other state in America. Other animals farmed at mass scale are cattle and turkeys. Iowa is also the US’ main producer of corn and soy beans, two important commodity crops that go into a variety of products. Products like soy beans are one of the United States’ biggest exports.
And because Iowa is a major producer of corn (maize), it is also a primary producer of Ethanol. Which is among several alternative energy sources Iowa is a leader in.
Iowa is home to another industry that is a valuable target which is insurance. Des Moines has $3 billion of insurance payroll each year. The biggest paid ransom last year was by an insurance company for $40,000,000 in bitcoin. This signaled to hackers that a successful attack on an insurance company may lead to a huge payout.
Finally, Though Iowa is home to massive insurance and agricultural conglomerates, it is also home to a plethora of SMBs, many of which do not have dedicated IT teams. Ransomware gangs do not discriminate in the majority of their attacks and will target SMBs as well as big enterprises. A ransomware attacks often devastate SMBs because they cannot recover from the lost funds for ransom payment, the costs to rebuild the business, or the lost trust they inevitably face after an attack. If too many SMBs are attacked it can devastate the Iowa economy by destabalizing many people’s ability to earn a living.
Iowa’s Unique Challenges Against Ransomware
Iowa faces many of the same challenges against ransomware as other states. Challenges like not having enough cyber security professionals, no real government assistance should a business or institution have to pay ransom, and an aging workforce affect many states in the US.
But the challenges Iowa faces are compared to other places. Iowa does not have a large cyber security industry compared to other, more tech invested states. Iowa’s overall tech industry is also small in comparison. Other than data centers, Iowa has not invested much into tech. The state also has a hard time attracting tech talent compared to other states. Instead of Iowa, many of these professionals choose states like New York, California, Illinois, Texas, Missouri, etc. The result is that the state of Iowa and it’s businessees do not always have as many immediate technical resources for combating ransomware, negoatiating ransoms, or organizing a recovery effort.
Iowa also isn’t the first place many Americans think of. And while the work world is is now more remote, leading to issues becoming more national, a ransomware attack in Iowa will likely go under the radar much more than an attack in say New York. There are exceptions to this however. Such as the attack against JBS foods in 2021 which made national news. A ransomware gang was able to extract a payout of about $11 million.
But another ransomware attack against an Iowa grain CO-OP saw a ransom demand for $5.9 million which the group threatened would increase to $11.3 million if not paid in time. The attack was only widely known in Iowa. Both these ransom amounts exceed what the colonial pipeline paid which was $4.4 million.
What Does the Future Hold?
Iowa will likely see itself becoming a lucrative target in the future.
Currently, the state of Iowa does not have any laws preventing organizations from paying ransom. This could theoretically make Iowa a greater target than somewhere like New York that does have laws against paying ransom.
Iowa’s agriculture industry feeds America and its Ethanol production provides energy and helps diversity from fossil fuels. If the colonial pipeline or JBS provide any precedent, its that critical industries are the most likely to pay ransom simply because the US government and society needs them up and running as soon as possible.
Large, wealthy corporations in industries like agriculture, manufacturing, and insurance all have a critical presence in Iowa. This means that if those locations are infiltrated, there could be dire consequences.
What Can Iowa do to Tackle Ransomware?
Tackling ransomware is going to take a conserted effort from the Iowa government, private organizations, and individuals. Defending against ransomware is all about being prepared and using best practices.
The government is Iowa is going to need to become more engaged and sensitive to the issues facing businesesses regarding ransomware. There isn’t currently any playbook for how to do this. Any regulation regarding the paying of ransom is new in the few states that have it.
Actions the Iowa State Government Can Take:
- Create accessible tools for Iowa residents to learn about ransomware and simple ways to prevent it. This will help train residents for their day to day lives as well as their jobs.
- Create guidance and regulation requiring businesses to follow security best practices. For example, requiring two factor authentication when logging into servers that host critical data like health or finances.
- Consider legislation such as banning the payment of ransom (no previous history of this being succesful or not)
- Work with local businesses espcially in the technology space. Businesses like LightEdge, ZebraHost, etc would be able to offer advice and services if needed. Other businesses like BlackHill which helped recover the funds from the colonial access pipeline attack have a limited presence in Iowa and can also be resources.
How Can ZebraHost Help?
ZebraHost offers businesses in Iowa secure cloud solutions and ransomware protection. ZebraHost offers private clouds, dedicated hardware, secure VPS’, email with DKIM and ransomware protection.
ZebraHost also hosts in a leading data center in Iowa. Our great relationship gives us a strong line of communication so that if there is ever a security issue on either end, the other will know and be able to repond. The data center also provides ZebraHost with over 11 different certifications including HIPAA, PCI, and HITRUST.
We have a unique solution for ransomware that can stop an encryption process dead in its tracks. Zebra Ransomware Stopper deploys decoy files that trap and stop ransomware. It is affordable, and easy to scale for businesses of all sizes.
Learn more of schedule a demo here.
Summary
Because of the number of critical industries in Iowa and its comparatively low number of cyber security professionals, Iowa may become a high profile target for ransomware gangs in the future. We’ve already seen attacks resulting in multi-million dollar ransom demands hit the Iowa agricultural sector.
Iowa will need to become more vigilant about ransomware and the government will need to work closely with experts in the state to craft suggestions and regulations aimed and preventing ransomware. The small size of Iowa’s tech industry has allowed businesses to develop relationships with each other. If businesses in Iowa know who the experts are for 1. preventing ransomware, 2. auditing best security practices, and 3 how to recover from ransomware, it will greatly benefit Iowa and fortify it against ransomware attacks.