Ransomware and IIoT devices – is there really a threat?

The cybersecurity firm, Recorded Future, which tracks cyberattacks on healthcare organizations and government entities, claims that there have been more than 140 ransomware attacks against state and local governments and health care providers in 2019 alone. Those 140+ cyberattacks held the computers, IT systems and data of schools, health systems, police stations, hospitals, libraries and other community institutions hostage until a ransom was received. The worst part? That statistic doesn’t include ransomware attacks against private companies and enterprises.

Ransomware is a particularly malicious form of cyberattack that encrypts data and denies access to IT systems and applications that are necessary for an organization to function. The keys to those systems are then dangled in front of the organization until it succumbs to the pressure of not being able to operate and pays a ransom for them. And it’s becoming increasingly common. Did you hear about the recent ransomware attack on a Mississippi school district?

The reason for it is simple – profit. Cyber criminals are looking to make cash quickly and in larger quantities than they can get from individuals. This is often referred to as “Big Game Hunting.” And, as Dennis Egan, the Director of Healthcare East for cybersecurity company CrowdStrike, recently explained in GovCyberHub, it can be very profitable. In fact, it can be so profitable that some malicious actors will even team up to execute ransomware attacks. According to Dennis:

“The concept of “Big Game Hunting” can be explained by the fact that the adversary, or adversaries, are executing on a more intricate and strategic campaign targeting larger organizations for a higher ransom return. It is also fairly common now for smaller, individual e-crime adversaries to band together in a more coordinated effort, effectively commercializing their attack methodologies.”

The idea of individual hackers and hacker groups banding together to extort money from organizations is a frightening one. And it’s something that should be of particular concern to companies, organizations and enterprises that rely on industrial and commercial equipment to do their jobs.

The IIoT – huge potential and bigger ransom risk
As we’ve discussed at length on the Modern Equipment Manufacturer, today’s original equipment manufacturers are under increasing pressure from their customers to make their devices smarter and more connected. This means that all kinds of commercial and industrial equipment are being designed and built to connect not only to building management systems (BMS), but also to the cloud.

