X Close
Product Security Advisory
Ransomware and Your Building Automation System
> Print Version

What is “Ransomware”?

Ransomware is a relatively new and enhanced form of malware and is the fastest-growing malware infecting computer systems, with a 35% increase in attacks from 2014-2015 according to Symantec. Malware is any piece of executable software code designed to cause a computer system to perform in a way it was not intended to perform and includes things such as viruses, trojans, worms, and spyware. Once downloaded onto a computer system, which can include building automation systems, ransomware begins encrypting data files. When all data files are encrypted and a user attempts to access the system, a text box “pop-up” is displayed demanding that a “ransom” be paid (Bitcoin currency or some other form of payment) in order for files to be unencrypted and data returned. It may also destroy log files.

How could ransomware impact a Building Automation System (BAS) or devices?

The Industrial Control System Computer Emergency Response Team, or ICS-CERT for short, has published materials indicating that embedded control systems in our critical infrastructure have fallen victim to ransomware attacks. Ransomware attacks building automation systems the same as it does other embedded controls systems, by attacking the operating system of the server. With critical files such as configuration and database files inaccessible, the BAS can no longer function normally, requiring a restoration from known good backups and a fresh operating system installed.

What can customers do to keep their building automation systems clear of ransomware?

The following security precautions are recommended to help prevent not just Ransomware infections, but in mitigating a variety of negative security events:

  1. Keep your Metasys® system up to date with the latest software revision and patches. This includes Johnson Controls software, Windows Operating System Patches and third party applications. Each revision of Metasys® provides stronger cybersecurity controls to keep pace with today’s threats.
  2. The BAS should be deployed on a private network and protected from the internet by a firewall. If remote access is required, coordinate with your IT services team to design secure VPN access. Reference the appropriate Metasys® documentation on secure BAS configuration and appropriate network security precautions.
  3. Metasys® servers should never be used to access websites that are not required for the operation and management of the BAS system or network, or used for personal “internet surfing”, or checking e-mail.
  4. Consider installing anti-virus software on Metasys® servers and workstations. Current versions of Metasys® support two popular anti-virus software products. Up-to-date anti-virus is helpful in mitigating malware threats.
  5. Take steps to ensure that the system is backed up on a regular basis. Speak to your local Johnson Controls office regarding a software support or service agreement to help you keep your data backed up and secure.

For more information

Johnson Controls partners with various government computer emergency response teams (CERTS) who have recently released information on ransomware. Customers should review these and other published materials to stay informed on this topic. Consult your local Johnson Controls representative for more information on keeping your building automation system secure.

> Print Version