The growing threat of operational technology ransomware

Ransomware is a highly dangerous type of malware that’s plagued individuals and organisations for years. The malicious program encrypts systems and data until users pay the ransom, usually in untraceable Bitcoin. It’s an effective method for hackers to extort cash from their victims.

According to a 2019 Telstra survey involving over 300 Australian organisations, nearly half of the respondents suffered a cyberattack in the past 12 months. Of those who were attacked, 81% were hit with ransomware, and 51% of companies were forced to pay the ransom. Although the report indicates that ransomware attacks are slowing down, cybercriminals are merely changing their methods. Instead of solely attacking computer systems, they’re targeting operational technology (OT).

What is operational technology ransomware? 

OT is a category of hardware and software designed to control physical devices and processes. This technology is often used in building management and industrial control systems for transportation, public utilities, and manufacturing. Over the years, OT has become increasingly connected to IT systems and networks, enabling greater efficiency. Factory managers, for instance, can watch over machinery and automate operations from a single terminal.

However, implementing internet-connected OT can expose organisations to the same risks that come with computer systems. This includes ransomware.

Operational technology ransomware works by locking control systems, rendering connected devices inoperable unless the ransom is paid. It is usually distributed through malicious emails, but it also spreads by exploiting fundamental flaws within a network. The difference is that OT-based ransomware has the potential to physically sabotage a company’s operations. In fact, such attacks have already occurred across Australia and around the globe.

Ransomware and smart buildings

Now that buildings are featuring more smart gadgets, such as automated thermostats, they’re more likely to get attacked by ransomware. This is because smart gadgets are not as thoroughly secured as IT systems. They’re difficult to update, have limited third-party security software, and are shipped with default passwords that are often left unchanged.

Hackers who can inject ransomware into centralised building automation systems will virtually have full control of a building. They can turn off heating and cooling, lock access controls, and kill the power. The result of losing control of these systems may range from mild discomfort to potential life-and-death scenarios. With so much at stake, property managers may be forced to foot the expensive ransom bill to ensure everyone’s safety. 

Halted production lines

Industrial machines infected by ransomware can cause major disruptions to manufacturers. Such was the case in 2017 when a Cadbury chocolate factory in Tasmania fell victim to a ransomware attack called Petya. The ransomware took the manufacturer’s systems offline, bringing operations to a grinding halt.

By targeting operational technology, attackers force a difficult decision on manufacturers: lose millions of dollars in downtime or pay the ransom. Abrupt shutdowns may also cause damage to property or physical assets.

Critical infrastructure under attack

In addition to buildings and factories, OT ransomware can affect a city’s critical infrastructure. In July 2019, a major electricity supplier in Johannesburg suffered a ransomware attack, leaving some residents without power. While this attack took place in South Africa, a similar incident occurring in Australia is not implausible. 

Recent reports suggest that Australia’s electricity grids from Port Douglas to Tasmania could be a prime target for ransomware attacks. Victorian security auditors found that the state’s water infrastructure control systems may also be vulnerable. Even 55 traffic cameras in Victoria were affected by WannaCry ransomware in 2017.

Infrastructure control systems are more susceptible to OT ransomware than ever because they’re now connected to a wider network. Meanwhile, infrastructure providers use inadequate security measures. They may also be forced to pay the ransom just to avoid service disruptions and safety hazards. This makes critical infrastructure a lucrative target for ransomware.

How can organisations defend against ransomware?

The devastating effects of ransomware attacks can be avoided if organisations are fully prepared for them. There are six crucial steps to defending against ransomware:

  • Conduct penetration tests to identify weaknesses that leave you open to ransomware attacks. These are usually conducted by third-party cybersecurity experts. 
  • Change default passwords, install the latest patches, set strict access permissions, and make sure OT is physically inaccessible to unauthorised users.    
  • Implement holistic security solutions that include firewalls, anti-malware, web filtering, and advanced threat protection. 
  • Teach employees about how ransomware spreads to help them understand how they can prevent an attack.   
  • Back up your data regularly offline and online in the cloud. This ensures systems and data are recoverable in case of a ransomware incident. 
  • Never pay the ransom! Paying cybercriminals encourages them to attack your company again in the future. 

There’s no way to stop cybercriminals from using increasingly sophisticated attacks, but that doesn’t mean you can’t defend yourself. By partnering with Empower IT Solutions, you can ensure your business is not just another statistic. Contact us now to get specialised ransomware protections from one of the top managed services providers in Australia.