Ransomware was considered till date as a malicious software which only infects computer systems on a network and locks them from being accessed by the administrator. But can you ever imagine that the so-called virus can also be used to poison your town’s water supply if you don’t pay up..?
Yes, you’ve read it right. Researchers from Georgia Tech have created a new form of ransomware which can specifically target industrial systems and can also be used to poison an entire town’s water supply.
David Formby, a Ph.D. student and Security Researcher at Georgia Institute of Technology has conducted an experiment to warn the industry against the dreaded ransomware.
Last year, Formby conducted an experiment on a simulated water treatment system which is controlled by Programmable Logical Controllers- shortly called as PLCs. In January’17, he documented the entire process and has distributed a White Paper on his latest logic on Monday at the RSA Cyber Security Conference, San Francisco.
In his document, David warned the entire industry against the danger of poorly secured PLCs. He said that these dedicated computing devices can be used to control a water treatment plant in either way as they are often managed by third party vendors, who are hired to maintain them via the internet. Hence, this concludes the fact that almost all industrial PLCs are technically connected to the internet and so are also accessible online.
And so, Cyber criminals could easily take down these systems with ransomware or use the malicious software to hold data hostage in exchange for bitcoins.
If the utility head fails to pay them the said ransom, then hackers can use the malicious software on the PLCs which usually control the flow of Chlorine for treating water.
Note- Remember, if we dilute Chlorine more than the required quantity of water, then it can turn drinking water into poison.
So, if cyber crooks take control of the PLCs, then they can control the flow of water and chlorine sent into the town’s water storage facility and can poison the entire water meant for supply.
Likewise, Formby said that hackers can also take hold of the industrial systems like power grid transformers and damage it to such an extent that it can take months to repair.
On a final note, David Formby has come up with only one recommendation which says that industrial operators should make sure that they realize which systems connect to the web, and who should have the control rights over them.
If they do not have this basic understanding, then they could put the lives of the innocent populace at a very high risk.