WannaCry and NotPetya are the two devastating ransomware attacks that have infected countless systems globally during 2017. They are encrypting the compromised systems and demand some amount of money to be sent to a certain BitCoin Wallet if the owner wants to release the systems and get the files back. The attacks used an exploit named EternalBlue which is a vulnerability in the Server Message Block (SMB) protocol that is installed on every Windows system. It allows an attacker to execute code remotely without user interaction. The resulting malware is classified as a worm and is spreading itself through the network faster than any IT department could potentially react.
The vulnerability leveraged by these worms has been patched by Microsoft in March 2017, however industrial systems are having a difficult time managing the defense against them. Updating requires stopping and / or shutting down both manufacturing and control systems. This may result in a significant loss of profit or, in case of nuclear systems or medical services, potentially in catastrophic consequences or even death of hospital patients. To solve the problem, organizations have to take a decision which is split between a) willingly turning down the production systems to patch the vulnerability and voluntarily taking the losses in a controlled manner; or b) maintaining the production and support at its expected level yet remaining vulnerable to the exploits, which potentially causes failures and could impact the production at an unforeseeable scale. Industrial environments should be taking even greater care because these systems are commonly known for poor IT and OT networks segmentation, old unpatched systems, weak passwords and none or few protection measures.
One recent example is Reckitt Benckiser (Durex manufacturer) who reported a revenue loss of £100 million due to the NotPetya malware which has crippled their production and shipping systems. Now imagine a ransomware that specifically holds your production line as hostage and demands a payment based on your production losses. Criminals have already started to encrypt exposed webservers and databases to blackmail their owners, it is only a question of time until some of them will specialize on industrial control systems.
IT District can help you to identify, implement and maintain the best possible protection of your industrial control systems.
Get in touch with us today firstname.lastname@example.org