RANSOMWARE IN INDUSTRIAL CONTROL SYSTEMS. WHAT COMES AFTER WANNACRY AND PETYA GLOBAL ATTACKS?

摘要

The cyber security of critical global infrastructures was tested last May 12nd with the global attack via Wannacry, a technically simple Ransomware that used an old Windows operating system vulnerability to propagate. Although it was an important attack and with serious consequences, it was an attack that could be restrained with the use of basic countermeasures like the simple update of the Windows operating system. This paper aims to detail the serious consequences of a Ransomware infection in critical infrastructure Industrial Control Systems networks. The work was developed based on the good practices of ANSI / ISA-99 (current IEC 62443) and aims to raise the awareness of global companies regarding the immediate need for investments in cyber security in industrial networks. To illustrate the consequences of a Ransomware attack on industrial control systems, case studies of two attacks on Brazilian industrial control systems were listed. The first attack occurred in a furniture factory and the second in a control center of a major power utility. In both cases this study detailed the type of Malware used, the consequences of the attack, financial losses and countermeasures made to return to operation. The conclusion of the work sparks reflection on what is to come after the Wannacry and Petya global attacks, mentioning the new ones that are being developed at this time, and what impact should be expected if these new attacks hit critical infrastructure networks with low level of cyber security implemented.