Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

CISA Warns of Threat Posed by Ransomware to Industrial Systems

Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet focusing on the threat posed by ransomware to operational technology (OT) assets and industrial control systems (ICS).

Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet focusing on the threat posed by ransomware to operational technology (OT) assets and industrial control systems (ICS).

The Colonial Pipeline attack, which involved Russian cybercriminals and the Darkside ransomware, forced the company to shut down operations. The incident had significant implications, including states declaring a state of emergency, temporary gas shortages, and gas prices rising.

“OT components are often connected to information technology (IT) networks, providing a path for cyber actors to pivot from IT to OT networks,” CISA said. “Given the importance of critical infrastructure to national security and America’s way of life, accessible OT assets are an attractive target for malicious cyber actors seeking to disrupt critical infrastructure for profit or to further other objectives. As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect critical operational processes even if the intrusion does not directly impact an OT network.”

Learn more about threats to industrial systems at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

The agency has advised critical infrastructure owners and operators to take measures to address the risk of ransomware attacks.

The 3-page fact sheet released by CISA last week provides a summary of the steps organizations should take to improve their resilience against ransomware attacks. In some cases, the fact sheet includes links to more detailed guidance.

The document provides recommendations for preparedness, which includes determining the reliance of critical OT processes on key IT infrastructure, and creating a resilience plan for situations where control of IT and/or OT systems is lost and workarounds or manual controls are needed to ensure the uninterrupted operation of critical processes.

Having an incident response plan and regularly exercising it, and having backups that are isolated from systems that could be hit by ransomware are also recommended.

As for mitigations, CISA recommends practicing good cyber hygiene, implementing robust segmentation between IT and OT networks, and implementing a continuous and vigilant system monitoring program.

When it comes to responding to ransomware attacks that may impact ICS, the agency recommends a series of steps that include determining which systems are impacted and isolating them, disconnecting or shutting down impacted devices to prevent the ransomware from spreading, triaging affected systems for restoration and recovery, conducting an initial investigation, and engaging internal and external parties (including CISA) for assistance.

If none of the initial mitigation actions appear possible, CISA recommends collecting system images, memory dumps and other digital evidence, and consulting law enforcement to find out if a decryptor is available for the ransomware that targeted them.

Related: NSA, CISA Urge Critical Infrastructure Operators to Secure OT Assets

Related: CISA Releases Tool to Detect Microsoft 365 Compromise

Related: CISA Details Malware Found on Hacked Exchange Servers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.