Researchers have developed new ransomware that is able to take over industrial control systems. Logic Locker, as the researchers at the Georgia Institute of Technology call their ransomware, was demonstrated against a simulated water treatment plant.
During the demonstration, the researchers showed how the ransomware PLCs (programmable logic controller) of the plant could operate to close valves more chlorine to add to the water and to display false positives. To our knowledge there are no industrial systems that are affected by ransomware, but the researchers expect that this is only a matter of time.
In this way, criminals instead of just files hostage, may attack major water treatment plants or other systems. “Hacking the programmable logic controllers in these systems is the next logical step for the attackers”, said researcher David Formby. The researchers argue that industrial control systems miss critical security protocols. In many cases, the systems are also not designed to be connected to the internet.
Accoding to the researchers, to protect against possible ransomware, all default passwords within an installation and protocols that have not been eliminated in use should be modified. Furthermore, when purchasing new business equipment there is a need to install firmware updates, examine the security features, networking, monitoring and implementing network segmentation. Personal access to the system should be prohibited for example, the use of personal USB sticks.
“ICS networks have largely succeeded in avoiding malware. Not because they are safer, but because cybercriminals have yet to come up with a good business model. Recent attacks have shown at hospitals how profitable ransomware may be as important components are taken hostage that may result in human casualties”, the researchers said in their conclusion. They point to reports suggesting that attackers are beginning to focus on the ICS network.