Security News > 2021 > June > CISA Warns of Threat Posed by Ransomware to Industrial Systems
Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency released a fact sheet focusing on the threat posed by ransomware to operational technology assets and industrial control systems.
Learn more about threats to industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
The 3-page fact sheet released by CISA last week provides a summary of the steps organizations should take to improve their resilience against ransomware attacks.
Having an incident response plan and regularly exercising it, and having backups that are isolated from systems that could be hit by ransomware are also recommended.
When it comes to responding to ransomware attacks that may impact ICS, the agency recommends a series of steps that include determining which systems are impacted and isolating them, disconnecting or shutting down impacted devices to prevent the ransomware from spreading, triaging affected systems for restoration and recovery, conducting an initial investigation, and engaging internal and external parties for assistance.
If none of the initial mitigation actions appear possible, CISA recommends collecting system images, memory dumps and other digital evidence, and consulting law enforcement to find out if a decryptor is available for the ransomware that targeted them.