in 2017 there have been several waves of ransomware which have not only affected corporate networks, but have come to hit (hard) even networks and applications in the factory, with even very expensive production stops, as well as damage and dangers to people, systems and certainly the reputation of the companies and organizations that have been involved.
For other contributions in the field of Industrial Cyber Security click here
Wannacry and Pethya shut down plants in many countries (74 globally, from a first, non-exhaustive count, including Italy!). Here is a partial but significant inventory of the victims and the damage caused around the world, at least those that ended up in the media:
- Car factories of Renault-Nissan, with the closure of their largest plant in France: https://www.marketwatch.com/story/wannacry-attack-hits-renault-200000-plus-victims-2017-05-15
- Hospitals and operating theaters in the UK: http://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/
- Railways and stations in GermanyDeutsche Bahn: http://www.telegraph.co.uk/news/2017/05/13/cyber-attack-hits-german-train-stations-hackers-target-deutsche/
- The Spanish Telco Telefonica: https://www.wired.com/2017/05/ransomware-meltdown-experts-warned/
- Bengal Electric Company West and Kerala, India: http://www.hindustantimes.com/india-news/wannacry-ransomware-attack-hits-computers-in-west-bengal-and-kerala/story-6D7EuitQohR9tRifRkGiRK.html
- The multinational freight forwarder FedEx: https://www.washingtonpost.com/news/the-switch/wp/2017/06/28/fedex-delivery-unit-hit-by-worldwide-cyberattack/?utm_term=.3e8308af5f08
- Japanese industrial giant Hitachi: https://www.marketwatch.com/story/wannacry-attack-hits-renault-200000-plus-victims-2017-05-15
- The Russian Interior Ministry: https://www.marketwatch.com/story/wannacry-attack-hits-renault-200000-plus-victims-2017-05-15
- Another car factory, Honda: https://www.forbes.com/sites/peterlyon/2017/06/22/cyber-attack-at-honda-stops-production-after-wannacry-worm-strikes/#551edd1b5e2b
- 55 Cameras/Speed Cameras on Australian roads: https://www.theguardian.com/australia-news/2017/jun/22/traffic-cameras-in-victoria-infected-by-wannacry-ransomware
- The aforementioned multinational drug company Merck: https://www.epmmagazine.com/news/merck-reveals-loses-in-sales-due-to-cyber-attack/
- APMoller-Maersk, one of the largest naval fleets for the transport of goods: https://www.forbes.com/sites/leemathews/2017/08/16/notpetya-ransomware-attack-cost-shipping-giant-maersk-over-200-million/#3e3363234f9a
- The French multinational glass company Saint-Gobain: http://www.thehindubusinessline.com/companies/petyahit-saintgobain-says-its-gst-ready/article9743769.ece
- The Russian oil and gas company, Rosneft: https://www.bloomberg.com/news/articles/2017-06-27/ukraine-russia-report-ransomware-computer-virus-attacks
- The ill-fated Chernobyl Nuclear Power Plant: http://www.ilsole24ore.com/art/mondo/2017-06-27/attacco-hacker-colpisce-l-ucraina-coinvolta-anche-chernobyl-161552.shtml?uuid=AEapb3mB
… and many more.
These "cyber incidents" have shown that no one is perfect and many/all can be victims: you don't need to be a company of such a size that you go to the media to make noise. Unfortunately, even in many Italian SMEs, these ransomware campaigns have sometimes caused very substantial damage, forcing plant shutdowns and loss of data, sometimes essential for the Company. Not to mention costs and times for restarts which have sometimes highlighted gaps in procedures and systems not prepared for this type of event.
For these and many other reasons, we have decided in ServiTecno to launch messages regarding not only OT Cyber Security, but the importance of Business Continuity: a theme on which we have built both awareness activities but also specific trainings, supported by a series of products and solutions specifically designed, distributed and supported to make plants "High Availability".