Can Ransomware Tamper with Critical Infrastructure?

Fileless-Malware-BlogA ransomware strain was discovered last month by security firm Dragos that actively seeks out and forcibly stops applications used in industrial control systems (ICS).  The researchers dubbed this new strain Ekans.
While this form of ransomware also encrypts data and displays a note to victims demanding payment to release it; it’s designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with. This can have devastating consequences if dams, electric grids, and gas refineries are targeted. Ekans is described as crude by researchers when comparing it to other forms of malware that have been designed to target internal control systems.  Think back to the Ukrainian power plant targeted in December 2016, or Stuxnet worm that targeted Iran’s nuclear program.  Though crude, researchers describe Ekans as something they should be concerned about.  “While all indications at present show a relatively primitive attack mechanism on control system networks, the specificity of processes listed in a static ‘kill list’ shows a level of intentionality previously absent from ransomware targeting the industrial space,” Dragos researchers wrote. “ICS asset owners and operators are therefore strongly encouraged to review their attack surface and determine mechanisms to deliver and distribute disruptive malware, such as ransomware, with ICS-specific characteristics.” The other thing that worries researchers about Ekans, and its predecessor Megacortex, is that these are both thought to be criminal ransomware, rather than state sponsored terrorism.  EKANS could signal that industrial hacking tactics are proliferating to common criminals. “It implies an increasing willingness and ability of non-state actors to significantly impact or impair critical infrastructure entities,” says Joe Slowik, researcher at Dragos. Some people seem to think that targeting these systems for profit is worse than terrorism, but at the end of the day, protection of these industrial control systems are crucial.

Leave a Comment

Your email address will not be published. Required fields are marked *