Ransomware attacks are becoming more prevalent in industrial facilities, targeting legacy industrial control systems (ICS).
According to a report by Trend Micro, the threat of ransomware has seen a significant rise in activity during the past year and become a “concerning and rapidly evolving threat” to industrial control systems globally, as such attacks can disrupt processes and cause downtime.
The goal of a ransomware attack is to make money. Cybercriminals know that if they can disrupt the industrial control systems of factories and other facilities that have to stay up all the time, they have a good chance of getting paid. Utility networks are also vulnerable to these attacks for the same reasons.
“The underground cybercrime economy is big business for ransomware operators and affiliates alike. Industrial Control Systems found in critical national infrastructure, manufacturing and other facilities are seen as soft targets, with many systems still running legacy operating systems and unpatched applications. Any infection on these systems will most likely cause days if not weeks of outage,” said Bharat Mistry, technical director at Trend Micro.
Successful ransomware campaigns can be very lucrative. In one instance, REvil cybercriminals were able to make $11 million in Bitcoin after attacking JBS, a meat processor company.
The attack on the Colonial Pipeline a month ago, which affected almost half of the US’ refining capacity, highlighted the real dangers of ransomware attacks.
Cybercriminals are increasingly targeting industrial control systems with various types of ransomware. Some of the most popular variants belong to the Ryuk malware family.
Ryuk is a ransomware family that accounts for almost 20% of all ICS attacks. It is mainly distributed by the Nefilim, REvil, and LockBit gangs.
According to a report by security firm Secureworks, the US sees the most ransomware attacks. The report also noted that attacks against critical infrastructure such as hospitals and schools are most prevalent in the USA too, followed by India, Taiwan, and Spain.
Trend Micro says it’s important to regularly patch systems with security updates to prevent exploitation.
If patching is not an option, then the network should be segmented to separate sensitive industrial control systems from internet-facing systems.