General Buck Turgidson, Director of the Critical Infrastructure Security Operations Center (CI-SOC), told a press conference this morning that the ransomware attack on Mengele Pharma earlier this week used a variant of the WannaControl ransomware. He also noted that investigators working for CI-SOC discovered that the as yet unidentified attackers gained access to the warehouse facility control system via storage batteries associated with the rooftop solar array.
Turgidson told reporters: “There were significant changes made to the ransomware code. We do not believe at this time that those changes were made by Stasi Ehemalige, the authors of the original ransomware.” A manager at CI-SOC told me that there are indications that Stasi Ehemalige has been selling copies of their ransomware on the Dark Web.
A briefing document provided to reporters says that changes to the ransomware include the addition of a data exfiltration module as well as a tool specifically designed to modify the programming of the Robotron Kühlsicherheit refrigeration safety system that is used at the facility. The report also notes that the manufacturing control system at the Mengele Pharma vaccine plant adjacent to the warehouse was infected as well, but that it had not yet been shut down by the ransomware.
Dade Murphy, CTO at Dragonfire Cyber, said that his team supporting the CI-SOC investigation had been able to deconstruct the ransomware package that shut down the warehouse operations. “The new code that facilitated this particular attack,” Murphy told reporters, “has significant structural and coding differences that indicate that a different team of developers worked on the new modules. There are many similarities between the coding styles used here and that used in the ĀnquánShújīn PLC ransomware used in an attack earlier this summer.” Murphy was unable to explain why those coders would have used Stasi Ehemalige malware for this attack.
Murphy told reporters that they had found that one of the affected freezers still had a working old-style circular chart recorder for temperature. “This system with its dedicated thermocouple was unaffected by the attack. While the one-week chart had not been changed in a month, we can clearly see that the temperature in the freezer rose to -30˚C for extended periods,” Murphy said. “If this chart had been tracked, the problem would have been detected in time to prevent the problems with vaccine storage conditions.”
The attack on the warehouse control system was initiated via the energy storage system associated with the rooftop solar array. “The known vulnerability in the direct internet connection of the battery system was used to gain access to the facility maintenance network,” Murphy told reporters. “Once that network access was gained, it was relatively easy for the attackers to pivot into the building automation system and then into the warehouse refrigeration systems.”
Wolfgang Gerhard, President of Mengele Pharma, told reporters that the solar system had apparently been installed before the vulnerability was reported. “We have been in contact with the contractor we used for that installation,” Gerhard said. “They are currently working on updating the system and mitigating that particular vulnerability.”
Wolfgang was able to update reporters on the effect of the refrigeration attack on the inventory of COVID-19 vaccine stored on the premises. Each box is equipped with a chemical temperature warning decal that changes color when the temperature rises above a set point. “We have examined each of the boxes in all five of the freezers on site,” Gerhard said. “About 80% of the indicators show that the packages had been exposed to temperatures above the -50˚C limit set by the Federal Drug Administration in their approval of the vaccine.” Mengele is turning over all of those cases to the FDA for study and disposal.
Clark Stanley, spokesperson for the FDA, told reporters that the agency would be storing each of the affected boxes in the appropriate conditions. “We will be conducting efficacy testing on samples from each of the boxes to determine what effect the unfortunate temperature excursions had on the vaccine,” Stanley said. “We may be able to provide box-by-box approval for the use of some of the vaccine. We do understand the importance of having a COVID-19 vaccine available as quickly as possible, but we want to ensure that it is an effective vaccine that the public can rely on.”