Home / Posts with tag "ransomware"


Threat landscape for industrial automation systems. Statistics for H1 2021

09 September 2021

In H1 2021, the percentage of ICS computers on which malicious objects were blocked was 33.8%, which was 0.4 p.p. more than in H2 2020.
DarkChronicles: the consequences of the Colonial Pipeline attack

21 May 2021

This article began as an overview of the Colonial Pipeline incident. However, the events unfolded so rapidly that the scope of the publication has gone beyond a single incident.
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks

07 April 2021

An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring ransomware exploit a vulnerability in FortiGate VPN servers.
Ryuk ransomware attacks unnamed US maritime transportation facility

30 December 2019

The infection affected the facility’s corporate network and industrial control systems that control cargo transfer. The primary operations of the facility were shut down for over 30 hours
German cities under attack by Emotet botnet

24 December 2019

Emotet was distributed via phishing emails and was used to deploy ransomware
Metallurgical giant Norsk Hydro attacked by encrypting malware

22 March 2019

On March 19 2019 Norsk Hydro, one of the world’s largest aluminum producers revealed that ransomware had been used in an attack against them.
More than 50% of organizations attacked by ExPetr (Petya) cryptolocker are industrial companies

29 June 2017

According to our telemetry, we see evidence that many industrial companies are being attacked by ExPetr (Petya) malware. While there were examples of actual industrial control systems being affected, in most cases it was only the business networks were affected. According to our data, at least 50% of the companies being attacked are manufacturing and oil & gas enterprises.
WannaCry on industrial networks: error correction

22 June 2017

During the period from 12 to 15 May 2017, numerous companies across the globe were attacked by a network cryptoworm called WannaCry. The worm’s victims include various manufacturing companies, oil refineries, city infrastructure objects and electrical distribution network facilities.
WannaCry ransomware widespread attack may indirectly hit Industrial organizations

14 May 2017

The “WannaCry” outbreak has being reported on May 12 2017 by many independent sources all over the World. Based on KL ICS CERT live reports we decided to warn industrial organizations that they might indirectly become a victims of this widespread attack.