Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

CISA Warns of Threat Posed by Ransomware to Industrial Systems

Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet focusing on the threat posed by ransomware to operational technology (OT) assets and industrial control systems (ICS).

Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet focusing on the threat posed by ransomware to operational technology (OT) assets and industrial control systems (ICS).

The Colonial Pipeline attack, which involved Russian cybercriminals and the Darkside ransomware, forced the company to shut down operations. The incident had significant implications, including states declaring a state of emergency, temporary gas shortages, and gas prices rising.

“OT components are often connected to information technology (IT) networks, providing a path for cyber actors to pivot from IT to OT networks,” CISA said. “Given the importance of critical infrastructure to national security and America’s way of life, accessible OT assets are an attractive target for malicious cyber actors seeking to disrupt critical infrastructure for profit or to further other objectives. As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect critical operational processes even if the intrusion does not directly impact an OT network.”

Learn more about threats to industrial systems at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

The agency has advised critical infrastructure owners and operators to take measures to address the risk of ransomware attacks.

The 3-page fact sheet released by CISA last week provides a summary of the steps organizations should take to improve their resilience against ransomware attacks. In some cases, the fact sheet includes links to more detailed guidance.

The document provides recommendations for preparedness, which includes determining the reliance of critical OT processes on key IT infrastructure, and creating a resilience plan for situations where control of IT and/or OT systems is lost and workarounds or manual controls are needed to ensure the uninterrupted operation of critical processes.

Having an incident response plan and regularly exercising it, and having backups that are isolated from systems that could be hit by ransomware are also recommended.

Advertisement. Scroll to continue reading.

As for mitigations, CISA recommends practicing good cyber hygiene, implementing robust segmentation between IT and OT networks, and implementing a continuous and vigilant system monitoring program.

When it comes to responding to ransomware attacks that may impact ICS, the agency recommends a series of steps that include determining which systems are impacted and isolating them, disconnecting or shutting down impacted devices to prevent the ransomware from spreading, triaging affected systems for restoration and recovery, conducting an initial investigation, and engaging internal and external parties (including CISA) for assistance.

If none of the initial mitigation actions appear possible, CISA recommends collecting system images, memory dumps and other digital evidence, and consulting law enforcement to find out if a decryptor is available for the ransomware that targeted them.

Related: NSA, CISA Urge Critical Infrastructure Operators to Secure OT Assets

Related: CISA Releases Tool to Detect Microsoft 365 Compromise

Related: CISA Details Malware Found on Hacked Exchange Servers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...