What is “Ransomware”?
Ransomware is a relatively new and enhanced form of malware and is the fastest-growing malware infecting computer systems, with a 35% increase in attacks from 2014-2015 according to Symantec. Malware is any piece of executable software code designed to cause a computer system to perform in a way it was not intended to perform and includes things such as viruses, trojans, worms, and spyware. Once downloaded onto a computer system, which can include building automation systems, ransomware begins encrypting data files. When all data files are encrypted and a user attempts to access the system, a text box “pop-up” is displayed demanding that a “ransom” be paid (Bitcoin currency or some other form of payment) in order for files to be unencrypted and data returned. It may also destroy log files.
How could ransomware impact a Building Automation System (BAS) or devices?
The Industrial Control System Computer Emergency Response Team, or ICS-CERT for short, has published materials indicating that embedded control systems in our critical infrastructure have fallen victim to ransomware attacks. Ransomware attacks building automation systems the same as it does other embedded controls systems, by attacking the operating system of the server. With critical files such as configuration and database files inaccessible, the BAS can no longer function normally, requiring a restoration from known good backups and a fresh operating system installed.
What can customers do to keep their building automation systems clear of ransomware?
The following security precautions are recommended to help prevent not just Ransomware infections, but in mitigating a variety of negative security events: