Ransomware attacks have surged. Last month the New York Times reported that 205,280 organizations were victims of ransomware attacks in 2019—a 41% increase from 2018. And payments spiked to an average of $190,946 in the last month of 2019, with several organizations facing ransom demands in the millions of dollars.
It was no surprise that ransomware was a HOT topic at the 4th Annual Boston Conference on Cyber Security. The event, hosted by Boston College and the Federal Bureau of Investigation (FBI), brought together hundreds of cyber security professionals, educators, and law enforcement personnel to discuss trends in the threat landscape and best practices on resiliency and mitigation. Revolutionary Security’s Director of OT Security, Jason Holcomb, took part in a panel discussion on the ransomware epidemic and the threat it poses to critical infrastructure.
Holcomb’s comments on how vulnerable OT systems are to ransomware caused some alarm among participants. “Ransomware is not a front office phenomenon. Industrial controls systems, process control networks, and OT environments are not immune.”
To date, most companies have focused on safeguarding their IT networks from ransomware and similar attack methods. Holcomb urged companies to take notice that their industrial control systems may be more attractive targets to bad actors looking for a pay day than IT systems.
Why Are Industrial Control Systems Vulnerable to Ransomware?
On the ICS side of things, an interruption to operations can have a significant impact. Holcomb explained, “Halting production of energy, oil, or manufactured goods, is a direct attack on a company’s bottom line, which means the attacker may believe you have greater incentive to pay the ransom and therefore you are a more attractive target.”
The 2015 cyberattack on Ukraine's electric grid, which temporarily left 225,000 customers without power, was the first confirmed hack to degrade a power grid. It was also a wake-up call for others that their networks are vulnerable.
Today, threat actors are going beyond just breaching Windows systems. Advanced malware is now attacking some of the embedded devices within industrial control systems. In fact, a new form of ransomware, known as Snake or Ekans, has been identified that appears to focus on freezing the software responsible for industrial processes at big oil and petroleum companies.
If You Suspect an Attack, Get the FBI Involved
Holcomb shared the importance of involving law enforcement in incident response and investigation. When Revolutionary Security responded to an incident at an oil and gas company, an early action was to contact the local FBI field office. In this case, the company’s security team was concerned that an IT breach could impact oil production and the physical infrastructure controlling drilling and oil pipeline movement. The team worked quickly to remediate the vulnerability (fortunately, the OT environment had not been breached) and restore business systems, and no ransom was paid.
Getting the FBI involved proved to be extremely beneficial. A year later the FBI reached out to our client to let them know they detected recurring malicious activity related to a separate incident. Our team was immediately contacted by the client and we worked with them to quickly respond to and contain the attack.
This is just one example of the value the FBI brings to the investigation process. FBI Director Christopher Wray expressed in his conference keynote that the agency no longer wants to be thought of as the entity to keep at arm’s length, but rather as a partner in a united front against cybercrime. To this end, the FBI has established field-level ambassadors to support community outreach and build relationships with enterprises and security professionals so there is an avenue for quick collaboration in advance of a cyber incident.
We look forward to being involved in next year’s conference and hope you will consider attending.
Is your organization ready to defend against ransomware?
Download our ransomware readiness guide and register for our upcoming webcast; The Evolving Business of Malware: How to Keep Your Manufacturing Business Running During the Next Outbreak