A press release from Robotron today reported that a number
of their devices loaded with MotorSteuerung software have been compromised
during the recent ransomware attack on the main manufacturing facility in Dresden,
Germany. Devices purchased directly from Robotron since November 2nd,
2019 should be removed from service until a Robotron service representative can
check the software.
Erich Mielke, spokesman for Robotron, reported that the
company had learned that the MotorSteuerung master software on their severs had
apparently been corrupted during the attack. “In the 24-hours that our servers
remained encrypted, it appears that doctored software was substituted for
factory standard version that is used to load devices being shipped for service,”
Mielke explained.
Registered customers can check their device serial number
against the list on the Customer Service web site.
Dade Murphy from Dragonfire told reporters that his company
had reported the corrupted software to Robotron. We were doing an investigation
at one of our customer sites and noted that the software was communicating with
a command and control server in Bulgaria that was associated with WannaControl
ransomware. This is a new ransomware strain that specifically attacks
industrial control systems, putting control systems into shutdown mode and
encrypting the files.
Murphy noted that; “In the few cases we have identified, the
attackers took great care to safely shutdown the control systems before encrypting
the files that would allow for a restart of the process. This requires a great
deal of system knowledge and probably reflects a long residence time on the
system before the actual attack takes place.” Dragonfire has not yet been able
to determine the source of the infection for these attacks; phishing attacks
have been ruled out.
CAUTIONARY NOTE: This is a future news story –
No comments:
Post a Comment