Seven Ransomware Families Target Industrial Software
A total of seven ransomware families have been found to target processes associated with operational technology software, and FireEye this week published an analysis of these pieces of malware.
Many ransomware families are designed to kill certain types of running processes.
The second list, which targets 1,425 processes, has only been found to be used by the CLOP ransomware.
While the first list targets only a couple dozen ICS processes, mainly associated with the GE Proficy solution, the second list targets over 150 processes related to industrial products, including Siemens SIMATIC WinCC, Beckhoff TwinCAT, National Instruments data acquisition software, Kepware KEPServerEX, and the OPC communications protocol.
"While it is likely the physical processes this software controls would continue to operate even if the software processes were terminated unexpectedly, stopping the software processes included in the CLOP sample's kill list could result in the loss of view/control over those physical processes due to the inability of operators to interact with the equipment. This can be caused not only by the ransomware's disruption of intermediary systems, but also by the loss of access to relevant files on HMIs/EWS required for the operation of process control and monitoring software, for example configurations or project files. This could prolong the mean time to recovery of impacted environments without offline backups," the cybersecurity firm added.