Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

CISA Warns of Threat Posed by Ransomware to Industrial Systems

Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet focusing on the threat posed by ransomware to operational technology (OT) assets and industrial control systems (ICS).

Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet focusing on the threat posed by ransomware to operational technology (OT) assets and industrial control systems (ICS).

The Colonial Pipeline attack, which involved Russian cybercriminals and the Darkside ransomware, forced the company to shut down operations. The incident had significant implications, including states declaring a state of emergency, temporary gas shortages, and gas prices rising.

“OT components are often connected to information technology (IT) networks, providing a path for cyber actors to pivot from IT to OT networks,” CISA said. “Given the importance of critical infrastructure to national security and America’s way of life, accessible OT assets are an attractive target for malicious cyber actors seeking to disrupt critical infrastructure for profit or to further other objectives. As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect critical operational processes even if the intrusion does not directly impact an OT network.”

Learn more about threats to industrial systems at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

The agency has advised critical infrastructure owners and operators to take measures to address the risk of ransomware attacks.

The 3-page fact sheet released by CISA last week provides a summary of the steps organizations should take to improve their resilience against ransomware attacks. In some cases, the fact sheet includes links to more detailed guidance.

The document provides recommendations for preparedness, which includes determining the reliance of critical OT processes on key IT infrastructure, and creating a resilience plan for situations where control of IT and/or OT systems is lost and workarounds or manual controls are needed to ensure the uninterrupted operation of critical processes.

Having an incident response plan and regularly exercising it, and having backups that are isolated from systems that could be hit by ransomware are also recommended.

Advertisement. Scroll to continue reading.

As for mitigations, CISA recommends practicing good cyber hygiene, implementing robust segmentation between IT and OT networks, and implementing a continuous and vigilant system monitoring program.

When it comes to responding to ransomware attacks that may impact ICS, the agency recommends a series of steps that include determining which systems are impacted and isolating them, disconnecting or shutting down impacted devices to prevent the ransomware from spreading, triaging affected systems for restoration and recovery, conducting an initial investigation, and engaging internal and external parties (including CISA) for assistance.

If none of the initial mitigation actions appear possible, CISA recommends collecting system images, memory dumps and other digital evidence, and consulting law enforcement to find out if a decryptor is available for the ransomware that targeted them.

Related: NSA, CISA Urge Critical Infrastructure Operators to Secure OT Assets

Related: CISA Releases Tool to Detect Microsoft 365 Compromise

Related: CISA Details Malware Found on Hacked Exchange Servers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

Kelly Shortridge has been promoted to VP of Security Products at Fastly.

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.