Defending your operations environment against ransomware
Ransomware has become an increasing threat to industrial organizations in both IT and OT environments. Since 2018, ransomware incidents against industrial infrastructure have grown by over 500%.
Safeguarding OT from the disruptive impacts of ransomware
Historically, organizations have invested in prevention-based controls like firewalls, patching, antivirus, and authentication. But as industries transform and environments become more connected, companies realize these prevention controls aren’t applied everywhere or atrophy over time.
Ransomware can directly impact OT, and even when it only cripples the IT network, industrial processes can be affected because operators are forced to halt OT operations temporarily as a precaution. With the increasing dependencies between operational systems and business systems, delineating and separating the two environments becomes difficult, and halting operations may be the safest choice.
Ransomware continues to evolve, adding mechanisms within its code that target devices controlling industrial processes, such as HMIs, data historians, and licensing servers. Because ransomware such as EKANS has the potential to be particularly disruptive to industrial operations, organizations must consider what they can do to defend against this growing OT threat.
A cohesive approach to securing OT ensures you’ll stay ahead of ransomware threats
In working with hundreds of industrial organizations, Dragos has developed a tried and tested approach to helping our customers defend against, or respond to, disruptive ransomware incidents in their operations environments.
To begin with, we recommend an Architecture Review, which will identify the prime locations to monitor in your OT environment and verify that it is adequately segmented from your IT network and the internet. A Tabletop Exercise, facilitated by our industrial consultants, will bring your IT and operations teams together to run through a simulated ransomware attack against your OT environment. In these exercises, our team leverages intelligence on ICS-targeting activity groups to create a realistic scenario based on real adversary tradecraft.
Finally, we recommend an ICS visibility and monitoring solution to better understand your network architecture and validate that the preventive controls are applied everywhere you would expect. Using continuous monitoring technology, you will also know when these preventive controls are no longer effective due to unanticipated equipment being connected, unplanned changes in firewall rules, and other events that occur in order to support the organization's mission. For full coverage, these monitoring solutions can also detect early threat behaviors and indicators of ransomware groups and adversary activity in your environment. In the event a cyber incident is declared, our Incident Response (IR) team is ready to respond when you need us, or is available on a retainer (IRR) basis.
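The drift check described above, validating that segmentation still holds and that no unexpected equipment has appeared on the OT segment, can be illustrated with a small script. This is an added example, not Dragos code or part of the original page; the zones, asset list, allowed flows, and sensor observations are all constructed for illustration.

```python
"""Control-drift check for an OT segment (constructed example)."""
from ipaddress import ip_address, ip_network

# Constructed baseline: known OT assets and the segmentation policy
# (which zones may talk to which, on which TCP ports).
BASELINE_ASSETS = {"10.20.0.10", "10.20.0.11", "10.20.0.50"}
ZONES = {
    "OT": ip_network("10.20.0.0/24"),
    "IT": ip_network("10.10.0.0/16"),
}
# Allowed (src_zone, dst_zone, port) tuples; any other flow is a violation.
ALLOWED_FLOWS = {
    ("OT", "OT", 502),   # Modbus/TCP inside the OT zone
    ("IT", "OT", 443),   # historian web UI reached from IT
}

def zone_of(ip):
    """Map an address to a named zone; anything outside them is INTERNET."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "INTERNET"

def check_flows(flows, known_assets=BASELINE_ASSETS, allowed=ALLOWED_FLOWS):
    """Return (new_ot_assets, violations) for observed (src, dst, port) flows."""
    new_assets = set()
    violations = []
    for src, dst, port in flows:
        # Any OT-zone address not in the baseline is unanticipated equipment.
        for ip in (src, dst):
            if zone_of(ip) == "OT" and ip not in known_assets:
                new_assets.add(ip)
        # Any zone-to-zone flow not in the policy means a control has drifted.
        if (zone_of(src), zone_of(dst), port) not in allowed:
            violations.append((src, dst, port))
    return sorted(new_assets), violations

# Constructed sample of flows a passive sensor might report.
SAMPLE_FLOWS = [
    ("10.20.0.10", "10.20.0.11", 502),   # expected Modbus traffic
    ("10.10.5.7", "10.20.0.50", 443),    # expected historian access
    ("10.20.0.99", "10.20.0.11", 502),   # unknown device in the OT zone
    ("10.10.5.7", "10.20.0.11", 445),    # SMB from IT into OT: not allowed
    ("10.20.0.50", "203.0.113.9", 443),  # OT host reaching the internet
]

if __name__ == "__main__":
    new, bad = check_flows(SAMPLE_FLOWS)
    print("new OT assets:", new)
    for flow in bad:
        print("policy violation:", flow)
```

In practice the baseline and observations would come from the asset inventory and the monitoring sensor rather than inline constants, and the results would feed the alerting pipeline.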
Want to see Dragos in Action?