Ransomware attacks have been increasing in frequency and severity in recent years, with some high-profile incidents causing significant damage to both individuals and organizations. While there are many different types of cyber-attacks, ransomware has become the preferred method for many cyber criminals. In this article, we will explore why this is the case and why it is true, even for industrial organizations where cyber-physical attacks are often through to be the primary threat.
Ransomware attacks typically involve encrypting an organization’s data or locking users out of their systems until a ransom is paid. This type of attack can be particularly devastating because it can cause an organization’s operations to grind to a halt, leading to significant financial losses and reputational damage. Additionally, even if the ransom is paid, there is no guarantee that the attackers will actually decrypt the data or provide access to the systems.
One reason why ransomware is so attractive to cyber criminals is that it is relatively easy to deploy. Attackers can use a variety of techniques to gain access to a target’s systems, such as phishing emails or exploiting vulnerabilities in software. Once they have gained access, they can use off-the-shelf tools to encrypt the data or lock users out of the system. This means that even inexperienced attackers can launch a successful ransomware attack with minimal effort.
Another reason why ransomware is so attractive is that it is often a profitable venture for attackers. By demanding a ransom in exchange for the decryption key or system access, attackers can potentially make a significant amount of money. Additionally, because the payments are often made in cryptocurrency, it can be difficult for law enforcement to trace the funds, making it a low-risk, high-reward strategy for attackers.
The Overlooked Impact of Ransomware on Industrial Systems
Industrial organizations, often have complex (ICS/OT) systems and processes that are critical to their operations. If these systems are disrupted, it can have serious consequences to not only the organization, but also to human health and safety and even the wider community. Unlike business focused IT systems, the impact isn’t limited to financial loss, reputational damage, sensitive data exposure. The impact to an industrial system outage can often have actual life-threatening consequences. As a result, many consider cyber-physical attacks (cyber-attacks which can cause physical/kinetic consequences) to be the greatest threat to these systems, while ransomware attacks are still a major concern to industrial asset owner/operators, ransomware attacks are often overlooked as having physical and/or life-threatening consequences. The reality, however, is that ransomware can still be a serious threat to industrial systems and is currently proving to be the most impactful threat thus far. (It should be noted that medical device and healthcare systems also fall into the category of industrial systems that can have life-threatening consequences due to disruption or failure.)
For example, a ransomware attack on a power plant could lead to power outages and disruptions to essential services such as healthcare and emergency response. In fact, in Germany, a ransomware attack on a hospital caused the death of a patient who had to be transferred to another hospital due to the system outage[1]. Similarly, an attack on a transportation system could lead to significant disruptions to travel and logistics. For instance, in the United States, a ransomware attack on a major airline resulted in the grounding of flights and cancellations, causing inconvenience to passengers[2]. In these cases, the motivation for the attackers may not be to cause physical harm, but to simply profit from the disruption caused by the attack.
Furthermore, many industrial organizations have complex supply chains that rely on interconnected systems and processes. This means that an attack on one organization can have ripple effects throughout the entire supply chain. For example, an attack on a manufacturer could lead to delays or disruptions in the delivery of goods to retailers and ultimately, to consumers. The recent ransomware attack on the Colonial Pipeline in the United States led to fuel shortages and panic buying across the East Coast, while the attack on the world’s largest meat supplier, JBS, caused disruptions in meat production and supply chain. These incidents illustrate the widespread impact of ransomware attacks on industrial systems and the broader economy.[3] [4]
In conclusion, while ransomware attacks may not be as immediately physically dangerous as cyber-physical/kinetic motivated attacks, they remain a serious threat to organizations of all types, including industrial organizations. The ease of deployment and potential for profit make ransomware an attractive option for cyber criminals, and the disruption caused by these attacks can have significant consequences for both the targeted organization and the wider community. As such, it is essential for organizations to take steps to protect themselves against these types of attacks, such as implementing robust cybersecurity measures and educating employees about how to spot and avoid phishing attempts.
In my next article, we’ll examine the playbook and response steps for a ransomware attack.
Maximize the full potential of your IR tabletop exercises (TTX) with the ThreatGEN® Red vs. Blue Cybersecurity Simulation and TTX Platform.
Prepare your staff to respond to cyber incidents efficiently and effectively with our online courses, labs, and TTX platform. Want onsite classes or a facilitated TTX by industry experts? We’ve got you covered.
Learn more at ThreatGEN.com.
About the Author
Clint Bodungen is a world-renowned industrial cybersecurity expert, public speaker, published author, and cybersecurity gamification pioneer. He is the lead author of Hacking Exposed: Industrial Control Systems, and co-creator/lead designer of the ThreatGEN® Red vs. Blue cybersecurity gamification platform. Clint is a United States Air Force veteran, has been a cybersecurity professional for more than 25 years, and is an active part of the cybersecurity community, especially in ICS/OT (BEER-ISAC #046). Focusing exclusively on ICS/OT cybersecurity since 2003, he has provided his services to many of the world’s largest industrial organizations in the oil & gas, electric utility, and manufacturing sectors. Throughout his career, he has worked for notable cybersecurity companies Symantec, Kaspersky Lab, and Industrial Defender and has published dozens of technical papers and training courses on ICS/OT cybersecurity vulnerability assessment, penetration testing, threat research, and risk management. Clint hopes to revolutionize the global approach to cybersecurity education, and help usher in the next generation of cybersecurity professionals, by using computer games as an education medium (commonly known as gamification). His flagship product, ThreatGEN® Red vs. Blue, is the world’s first online, head-to-head (red team/blue team) multiplayer cybersecurity computer game, based completely on real-world cybersecurity.
About ThreatGEN®
ThreatGEN® Red vs. Blue is the next evolution in cybersecurity education, training, and IR tabletop exercises. It is a game-based cybersecurity simulation platform that combines the power of an actual computer gaming engine and active adversary simulation A.I., to provide the most practical and effective way for ANYONE to learn cybersecurity, from beginners to experts, and even leadership. It doesn’t require any prior technical knowledge or command line skills… not even to play as the red team! Used for cybersecurity education, awareness, training, and IR tabletop exercises, ThreatGEN® Red vs. Blue is immersive, interactive, and hands-on, and it’s supported by an education portal with online courses, labs, scenarios, and an online community.
For more information, visit our company website at https://ThreatGEN.com, follow us on LinkedIn at https://www.linkedin.com/company/threatgenvr/, or follow us on Twitter: @ThreatGEN_RvB.
For further sales information, send an e-mail to sales@threatgen.com.
+1 (833) 339-6753
#ThreatGEN #RedvsBlue #IndustrialCybersecurity #CybersecurityAwarenessTraining #CyberNews #IndustrialCyber
[1] “German hospital hacked, patient taken to another city dies, ” AP News, September 17, 2020 https://apnews.com/article/technology-hacking-europe-cf8f8eee1adcec69bcc864f2c4308c94
[2] “American Airlines and others carriers were left helpless after a system outage crippled operations, causing delays,” Business Insider, May 21, 2021 https://www.businessinsider.com/airlines-left-crippled-with-delays-after-sabre-system-outage-2021-5
[3] “Colonial Pipeline hack explained: Everything you need to know,” TechTarget, April 26, 2022 https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know
[4] “JBS resumes meat production after weekend cyberattack,” June 3, 2021 https://www.cbsnews.com/news/jbs-meat-cyberattack-resumes-production/