24 Feb 2017
Ransomware has become a household name over the last two years by victimizing not only PC users, but small businesses, as well – most notably financial and medical institutions – by holding data and files hostage in order to blackmail their marks into paying millions of dollars in ransoms.
If you are not, however, familiar with ransomware, then it is time that you get acquainted with it because the ransomware of our near future may not just impact your bank account, but the health of you and your loved ones, as well.
What is Ransomware?
Ransomware is the newest trend of malware in which cybercriminals infiltrate a target’s computer system and hijack the content with complex algorithms that is almost impossible to decode without the encryption code. Once encrypted, hackers send the victim a ransom note which threatens to erase the data unless a ransom is paid. The cyber kidnappers almost always demand that the sum be paid in bitcoins – a new(er) universal monetary denomination that is almost impossible to trace.
Needless to say, this makes for an easy payday.
But what happens when these criminals start getting creative with their demands? Could they start threatening to do more than just wipe out a hard drive?
The short (and very real) answer is… Yes.
What is the latest threat?
After a new strain of ransomware, “LogicLocker,” was presented at this year’s RSA Conference in San Francisco, CA, researchers at the Georgia Institute of Technology (GIT) began to investigate, and what they have found is beyond alarming.
In fact, they recently created code in a laboratory environment that is capable of taking control of a water treatment plant. This means that hackers could potentially threaten to cut off – or even poison – the water of an entire city if a ransom is not met by taking control of the tiny computers – called Programmable Logic Controllers (PLCs) – that are found inside Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA). The PLCs are absolutely critical to the infrastructure of both power plants and water treatment facilities alike, due to their ability to control such critical functions as chlorine levels, report generation, and power.
Fortunately, this has yet to happen. Unfortunately, researchers warn, it is only a matter of time before it has attempted in a real life situation. They believe hackers will eventually target a critical industry so it is important that all businesses that operate critical mechanical systems remain vigilant. This includes utility companies, energy providers, and waste and water treatment plants, though this is NOT an exhaustive list.
PERSONNEL EDUCATION AND DILIGENCE ARE KEY!!
What did researchers do?
GIT researchers successfully executed this simulated attack by first learning as much as they could about the three different types PLCs that are currently available. What they found after a brief online search of just two of the PLC models was that over 1,500 are actually vulnerable.
According to GIT researcher David Formby, there is a widely spread misconception regarding what is and is not connected to the internet. “Operators may believe their systems are air-gapped and that there’s no way to access the controllers, but these systems are often connected in some way.”
LogicLocker hackers could kidnap these critical systems by targeting the exposed PLCs. Once infected, the hijacker would have the ability to reprogram the computer with a new password, thus locking out legitimate users until their demands are met.
This scheme is scary in its simplistic nature and the threat is very real.
How can potential targets mitigate their risk?
Researchers warn that it is absolutely crucial for ICS and SCADA operators to make sure they are taking the steps necessary to secure their networks by complying with such practices as:
- Setting up strong firewalls
- Regularly changing passwords
- Requiring strong passwords
- Installing monitoring systems that are constantly scanning for threats
The old adage is true –An ounce of prevention is worth a pound of cure.
The best way to deal ransomware is to not become a victim.