Researchers demonstrate ransomware for industrial control systems

We’ve witnessed ransomware targeting Windows and Linux systems and Macs, Android devices, smart TVs, and even a ransomware scheme targeting iPhone users (though not effected through malware).

Initial targets of ransomware-wielding criminals were mostly individual users. Not long after, the crooks discovered that they could get greater sums from businesses and organizations whose critical data and systems they managed to encrypt and/or make unusable.

So they began hitting hospitals and other healthcare institutions, universities and schools, police departments and transportation systems, and businesses of every kind.

Such a lucrative business model is not going to be abandoned soon, and we are sure to witness its evolution. But what’s next?

Ransomware targeting PLCs

A group of researchers from Georgia Tech School of Electrical and Computer Engineering showed that it’s possible to craft ransomware aimed at compromising and fiddling with industrial control systems.

The team demonstrated their own proof-of-concept ransomware targeting programmable logic controllers (PLCs) at RSA Conference 2017 on Monday, showing how a hacker might disrupt the regular functioning of a water treatment plant.

They started their research into this attack possibility by identifying several common PLCs in use at industrial facilities, then obtained three different devices for testing. They probed them for security issues such as weak authentication mechanisms and susceptibility to settings changes, and finally combined them with pumps, tubes and tanks to create a simulated water treatment facility.

Here is what the general flow of an ICS ransomware attack could look like:

[Figure: ransomware ICS]

“ICS networks have so far remained largely unscathed by malware not because they are more secure than traditional networks, but because cybercriminals have yet to figure out a profitable business model to make such attacks worth their time,” they noted.

But “recent attacks on hospitals have demonstrated how profitable ransomware can be when used to hold operationally critical assets hostage with the threat of human harm, and reports suggest attackers are beginning to shift their focus on ICS networks.”

I would imagine that the ransom demanded in these cases could be higher than anything seen so far, as the damages to the physical systems could be extensive and the potential for human harm is great. On the other hand, the risk for the attackers is also higher, as government agencies would surely get involved in tracking them down.
