LogicLocker

Ransomware worm targeting industrial control systems

(Image: Programmable Logic Controller Rack)
(Image: Allen Bradley Programmable Logic Controller)

LogicLocker is a cross-vendor ransomware worm that targets Programmable Logic Controllers (PLCs) used in Industrial Control Systems (ICS). First described in a research paper released by the Georgia Institute of Technology, the malware is capable of hijacking multiple PLCs from various popular vendors. The researchers, using a water treatment plant model, were able to demonstrate the ability to display false readings, shut valves and modify chlorine release to poisonous levels using a Schneider Modicon M241, Schneider Modicon M221 and an Allen Bradley MicroLogix 1400 PLC. The ransomware is designed to bypass weak authentication mechanisms found in various PLCs and lock out legitimate users while planting a logic bomb into the PLC. As of 14 February 2017, it is noted that there are over 1,400 of the same PLCs used in the proof-of-concept attack that were accessible from the internet, as found using Shodan.

Attack method

The attack method used with LogicLocker employs five stages: initial infection, horizontal and vertical movement, locking, encryption and negotiation. Initial infection can take place through various vulnerability exploits. As ICS devices are typically in an always-on state, this gives cyber-criminals ample time to attempt the compromise of the PLC. PLCs generally do not have strong authentication mechanisms in place to assist in protecting themselves from potential attack. Initial infection could also take place through a user clicking a potentially malicious email attachment. Upon initial infection of the PLC, horizontal or vertical movement can be achieved from the PLC to the corporate network, depending on the capabilities of the PLC. The next stage of the attack is locking, in which the attacker locks out legitimate users to inhibit or prevent restoration efforts. This can be done through password changes, OEM locking, over-utilization of PLC resources or changing IP addresses and ports. These different locking methods offer varying degrees of success and strength. To further ensure a successful attack, encryption is employed, following traditional crypto-ransomware practices, for future negotiations. Lastly, negotiations are conducted between the attacker and the victim for service restoration. Some PLCs contain an email capability that can be used to send the ransom message, as was the case with the MicroLogix 1400 PLC used in the proof-of-concept attack.

Defense strategies

To assist in defense and vulnerability mitigation efforts, there are several strategies that can be employed.

Endpoint security

Endpoint security techniques such as password changes, disabling of unused ports and protocols and implementation of Access Control Lists (ACLs), maintaining proper backups and firmware updates should be used. This can significantly reduce the attack surface presented to cyber-criminals.

Network security

Increased and vigilant network monitoring should be used to detect abnormalities. Protocol whitelisting on firewalls, network segmentation and automated backups can provide additional security and decreased restoration time, provided the backups are not compromised in the attack.

Policy

The training of employees to properly identify phishing emails, prohibition of USB devices and incorporating a comprehensive incident response plan should be used to assist in countering this threat.
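The network-security measures in the defense section (monitoring for abnormalities, protocol whitelisting on firewalls, segmentation between the corporate and control networks) can be expressed as a concrete check over connection logs. The script below is an added example written for this page; it is not code from the Wikipedia article or from the Georgia Tech researchers. It assumes a constructed network layout (a control subnet holding the PLCs, a corporate subnet, and a short allow-list of engineering workstations) and a constructed one-line-per-flow log format; the port numbers are the standard registered ports for Modbus/TCP (502) and EtherNet/IP (44818). It flags three of the conditions the article warns about: a PLC control port reached from an internet-routable address (the Shodan-exposed PLC case), reached from the corporate segment (a segmentation failure, which is the path the worm's horizontal movement relies on), or reached from a host that is not on the engineering allow-list.

```python
"""Allow-list monitor for PLC-bound traffic (added example, not from the article)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Standard registered ports for two common PLC control protocols.
PLC_PORTS = {502: "Modbus/TCP", 44818: "EtherNet/IP"}

# Assumed network layout, constructed for this example.
PLC_SUBNET = ipaddress.ip_network("10.10.20.0/24")        # control network holding the PLCs
CORPORATE_SUBNET = ipaddress.ip_network("10.10.0.0/22")   # office network that must never reach PLCs
ENGINEERING_WORKSTATIONS = {"10.10.20.5", "10.10.20.6"}   # only hosts allowed to program the PLCs

# RFC 1918 private ranges; anything outside them is treated as internet-routable.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log format: "<timestamp> <TCP|UDP> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>TCP|UDP)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def is_rfc1918(ip: str) -> bool:
    """True for RFC 1918 private addresses, False for anything internet-routable."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_line(line: str):
    """Parse one log line into (ts, proto, src, sport, dst, dport); None if malformed."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return (m["ts"], m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def check_flow(ts: str, src: str, dst: str, dport: int) -> Optional[Alert]:
    """Return an Alert when a flow toward a PLC control port violates the allow-list."""
    if ipaddress.ip_address(dst) not in PLC_SUBNET or dport not in PLC_PORTS:
        return None  # not PLC control traffic: out of scope for this check
    proto = PLC_PORTS[dport]
    if not is_rfc1918(src):
        return Alert(ts, src, dst, dport, f"{proto} reached from an internet-routable address")
    if ipaddress.ip_address(src) in CORPORATE_SUBNET:
        return Alert(ts, src, dst, dport, f"{proto} reached from the corporate segment (segmentation failure)")
    if src not in ENGINEERING_WORKSTATIONS:
        return Alert(ts, src, dst, dport, f"{proto} reached from a host not on the engineering allow-list")
    return None


def scan(lines) -> List[Alert]:
    """Run check_flow over an iterable of log lines, skipping malformed records."""
    alerts: List[Alert] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skipped here; a real deployment would count these
        ts, _proto, src, _sport, dst, dport = parsed
        alert = check_flow(ts, src, dst, dport)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample log: one approved flow, three violations, one out-of-scope flow
# and one malformed line. 203.0.113.7 is an RFC 5737 documentation address.
SAMPLE_LOG = """\
2017-02-14T10:00:01Z TCP 10.10.20.5:50123 -> 10.10.20.50:44818
2017-02-14T10:00:07Z TCP 10.10.1.33:51002 -> 10.10.20.50:44818
2017-02-14T10:00:12Z TCP 203.0.113.7:40211 -> 10.10.20.51:502
2017-02-14T10:00:20Z TCP 10.10.20.9:47711 -> 10.10.20.50:502
2017-02-14T10:00:25Z TCP 10.10.20.5:50124 -> 10.10.20.6:22
this line is not a flow record
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        print(f"{a.ts} {a.src} -> {a.dst}:{a.dport}  {a.reason}")
```

Run against the constructed sample, the monitor reports three alerts (corporate-segment access, internet-routable access, and an unapproved control-network host) and stays silent for the approved engineering workstation and for traffic that does not touch a PLC control port. The same allow-list expressed as firewall rules is the "protocol whitelisting" the article recommends; the log check is the complementary detection that tells you when the rules are missing or bypassed.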
See also

Pin control attack
Stuxnet

References

1. Formby, D., Durbha, S., & Beyah, R. (n.d.). Out of Control: Ransomware for Industrial Control Systems. Retrieved from http://www.cap.gatech.edu/plcransomware.pdf
2. "A Malware Experiment Foreshadows Factories Held for Ransom". 16 February 2017.
3. Chirgwin, Richard (15 February 2017). "Meet LogicLocker: Boffin-built SCADA ransomware". The Register. Retrieved 2017-02-20.
4. "Proof-of-concept ransomware locks up the PLCs that control power plants". Boing Boing. 2017-02-14. Retrieved 2017-02-20.
5. Khandelwal, Swati. "This Ransomware Malware Could Poison Your Water Supply If Not Paid". The Hacker News. Retrieved 2017-02-20.

Categories: Computer worms, Ransomware, 2017 in computing
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.