Ransomware attacks against production management systems – A TrendMicro survey

Guest post from the ICS cyber security blog.

23 January 2021 – icscybersec

Ransomware attacks against various companies using production management systems proliferated at an unprecedented rate in 2020. Here on the blog alone, I have written about XX such attacks, and according to a TrendMicro article published at the end of 2020, the number of ransomware attacks against this sector was almost one and a half times higher than the number of similar attacks against government agencies, the second-ranked sector.

In his article, author Ryan Flores briefly summarises the impact of previous ransomware attacks on process control systems and concludes that ransomware does not necessarily need to target elements of a process control system to damage an organisation’s ability to monitor (Loss of View), control (Loss of Control) or produce (Loss of Productivity).

Moreover, for companies whose main purpose is manufacturing products, the double-extortion method started by Maze ransomware puts the attackers in a different light: not only are files important to the organisation encrypted, but some of them are also stolen, and the attackers threaten to publish the stolen data. For many organisations using a process control system (e.g. utilities), such a threat may be a problem without fundamentally compromising the company's operations. For others, the exact proportions of the ingredients of their products (e.g. patented medicines) may be so valuable that disclosure could threaten the very existence of the organisation.

TrendMicro's article also discusses the characteristics of the most common ransomware used against companies running manufacturing automation systems, and offers some suggestions on network security measures that can help protect against ransomware.

***

The original guest post was published on the ICS cyber security blog.

Translated by DeepL.