ransomware

This article began as an overview of the Colonial Pipeline incident. However, the events unfolded so rapidly that the scope of the publication has gone beyond a single incident.

An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring ransomware exploit a vulnerability in FortiGate VPN servers.

The infection affected the facility’s corporate network and industrial control systems that control cargo transfer. The primary operations of the facility were shut down for over 30 hours

Emotet was distributed via phishing emails and was used to deploy ransomware

On March 19 2019 Norsk Hydro, one of the world’s largest aluminum producers revealed that ransomware had been used in an attack against them.

According to our telemetry, we see evidence that many industrial companies are being attacked by ExPetr (Petya) malware. While there were examples of actual industrial control systems being affected, in most cases it was only the business networks were affected. According to our data, at least 50% of the companies being attacked are manufacturing and oil & gas enterprises.

During the period from 12 to 15 May 2017, numerous companies across the globe were attacked by a network cryptoworm called WannaCry. The worm’s victims include various manufacturing companies, oil refineries, city infrastructure objects and electrical distribution network facilities.

The “WannaCry” outbreak has being reported on May 12 2017 by many independent sources all over the World. Based on KL ICS CERT live reports we decided to warn industrial organizations that they might indirectly become a victims of this widespread attack.