Ransomware attacks are evolving rapidly to target Industrial Control Systems (ICS) endpoints worldwide with a significant rise in activity during the past year. A report by cybersecurity researchers at Trend Micro highlights this dominant trend.

The changing threat landscape

ICS networks that support critical utilities, such as water and power, need to be fully operational to provide services. The longer such networks stay down, the more disruption results.
  • According to the report, recent ransomware attacks are purely financially motivated: attackers who hit ICS networks in operational factories and manufacturing environments have a high chance of getting paid quickly.
  • Cybercriminals use several different types of ransomware to target ICS. However, four ransomware families (Ryuk, Nefilim, REvil, and LockBit) account for over half of these attacks.
  • According to the report, the U.S. is among the most targeted countries, with the most cases of ransomware affecting ICS. Other affected countries include India, Taiwan, and Spain.

Recent attacks on ICS

Several ransomware attacks have recently targeted major industries. The resulting disruption of OT and ICS systems has led to severe outcomes and the loss of huge amounts of money.
  • U.S. water company WSSC Water was targeted in a ransomware attack on its network, and the attackers were able to access internal files. Customers were warned to monitor their financial transactions.
  • Last month, a food processing firm, JBS USA, confirmed falling victim to REvil ransomware attacks that halted its OT/ICS systems, causing grave losses.
  • The recent DarkSide ransomware attack on Colonial Pipeline showed how a ransomware attack against an industrial target can have very dangerous consequences for the entire nation.

Conclusion

ICS, used in critical national infrastructure, manufacturing, and other facilities, has been a soft target for attackers because many of these systems still run older OS versions and unpatched applications. Therefore, more needs to be done to protect networks at industrial facilities against such growing threats.

Cyware Publisher
