31 Jul 2017 Targeted Ransomware – A Devil in the Midst
Recently, a major Canadian company suffered a targeted ransomware attack and was forced to pay $425,000 to restore the encrypted data of both its production base and back-up servers. We have spoken and warned of ransomware in the past, particularly in the aftermath of the global WannaCry attack. Most ransomware attacks are untargeted, wide-spread attacks which infect as many hosts as possible with different keys and let victims recover back-ups for a few hundred dollars in bitcoin. Two hospitals in California as well as the University of Calgary are reported to have suffered targeted ransomware attacks demanding ransom in the tens of thousands of dollars. The attack on the major Canadian company was a different class altogether; it was a targeted attack involving seed ransomware, one victim, and demanding a much larger pay-out, in the hundreds of thousands.
Why should industrial sites care?
Targeted ransomware is a grave concern for industrial sites for several reasons. The targeted remote control nature of the attack means that the attacker penetrates the network perimeter through a bi-directional connection, directly or indirectly with the Internet, moves laterally over time throughout targeted networks, seeding the encrypting malware in all of the right places, and causing maximum impairment when the attacker sets off the encryption. With industrial systems, there is no recovering lost production or equipment damaged by emergency shutdown procedures from back-ups.
Protect your perimeter – curb your risk
Given that cyberattacks on industrial sites increased by 110% worldwide in 2016, it is only a matter of time before they also start suffering targeted ransomware attacks. The good news is that many critical industrial sites have unidirectional gateways protecting their control networks, immunizing them from any remote malware or targeted ransomware. Installed on the ICS perimeter, Waterfall Unidirectional Gateways prevent this kind of attack by blocking the interactive remote control needed to look around the industrial site and seed the ransomware for maximum impairment. What’s more, with Waterfall’s Unidirectional Gateways deployed, cyber risks are covered as the exclusive, preferred cyber security technology for industrial cyber insurance policies from Lloyd’s of London syndicated companies. Unidirectional Gateways so dramatically reduce network attack risks, including targeted ransomware, that Lloyd’s cyber policies are available only to Waterfall-protected sites. Backed by the expertise of a global risk management and international insurance authority, Waterfall’s Unidirectional Gateways are the defense for industrial targeted ransomware attacks.