Do You Have Contingency Plans for Ransom-Based Hacking?

Posted: November 19^th 2020

As IoT installations expand, so too do opportunities for unscrupulous actors to breach the systems of any company that relies on frequently updated data and requires a high level of reliable uptime. While motives for hacking are varied, one increasingly worrisome trend is a form of cyber espionage known as ransomware. Ransomware is a form of hacking that uses software to lock operators out of their computers or otherwise obscure data until a ransom has been paid - generally in cryptocurrency such as Bitcoin.

Ransomware has become a lucrative from of hacking, earning hackers anywhere from 25 to 50 million per year, according to the FBI. Major targets so far have included hospitals, casinos, and hotels, and it is beginning to overtake credit card theft as a large source of income for cybercriminals.

But even industrial control systems and critical infrastructure may be at risk, due to industry demands for reliability and the need for real-time data. Unplanned downtime can result in huge losses, or even pose dangers to worker safety.

While most ransomware currently being circulated cannot infect SCADA or HMI systems directly, it has the potential to shut down Windows computers the software runs on. For example, operators at a water treatment plant may lose the ability to see and interact with their data because the computer hosting the software has been locked down with ransomware. It may not shut the system down, but it may become impossible to control the process due to lack of access. In some industries, such as nuclear energy, an infection of ransomware is enough to send a plant into an automated shutdown.

Have a Backup Plan (Literally and Figuratively)

The best way to avoid ransomware is to practice good cybersecurity habits and enforce them. This means gaps and firewalls between control and IT networks, good company policy that prevents operators from clicking suspect links or visiting dangerous websites on company machines. It means protecting the system from personal mobile devices, and ensuring that patches and software updates are installed regularly.

However, in the event that you are breached with ransomware, frequent backups may help provide a contingency plan. Backups that can be uploaded automatically to the cloud will help prevent ransomware from infecting local shared network drives. Any hard drives or computers used for backups should be connected only when backing up information and then disconnected when it is complete. Multiple forms of backups will help ensure that reports, records, recipes, and other process data are available in the event that operators are locked out of the system.

AVEVA Edge offers multiple ways to ensure you can still access your process with thin clients. The Secure Viewer Thin Client might prove a good solution for safely accessing your SCADA or HMI on a ‘clean’ machine. Using the Studio Mobile Access client would also allow operators to access machines via web browsers that support HTML5.

If an infection occurs, it’s also important to have protocols in place that will allow you to disconnect infected computers to prevent the infection from spreading to the entire network.

Looking for an industrial software vendor that puts security first? Learn more about AVEVA Edge.