Old industrial control systems have been increasingly targeted by ransomware attacks. A Trend Micro study points out that this activity is a growing and worrisome threat to these networks and that the practice has increased over the past year.

In this type of attack, the criminal hijacks the data from the systems and demands payment of a ransom to release it. As the main motive for these actions is to make money, an attack on platforms that operate factories and other production environments is almost guaranteed to result in payment.

These networks, as well as those that operate water and electricity distribution services, must always be functional, and the longer they are down, the more disruption they cause. “Industrial control systems of national infrastructure, production and other units are easy targets, as many still have old operating systems and outdated applications. An infection can cause days or even weeks of shutdown,” says Bharat Mistry, technical director at Trend Micro.

Attacks can affect consumers

A recent example is the attack on JBS, which brought in $11 million in bitcoins to attackers. The attack on Colonial Pipeline, in turn, paralyzed fuel distribution in the US and directly affected consumers.

The Trend Micro survey points to the US as the country with the most incidents in industrial control systems. Then come India, Taiwan and Spain. Cybercriminals have used different ransomware in these attacks, but four families are the most prevalent, appearing in more than half of them: Ryuk, Nefilim, REvil (also known as Sodinokibi) and LockBit.

Some recommendations can help protect these systems. These include updating systems with security fixes to prevent cybercriminals from exploiting known vulnerabilities. In cases where this update is not possible, one option is to segment the network to separate vulnerable systems from those connected to the internet.

Another suggestion is to use strong credential combinations that are not easily discovered in brute-force attacks. Adopting two-step authentication also helps make systems more secure against unauthorized access.