2021 ICS Cyber Security Conference

Ransomware is the most common attack type against organizations with industrial control system networks today, with incidents leading to shutdowns of critical infrastructure, millions of dollars in productivity lost per hour, layoffs, and ripple effects across multiple markets. Of ransomware strains in use today, Ryuk ransomware actors in particular appear to gravitate toward organizations with industrial control system networks. In addition, there have been more documented cases of Ryuk ending up on operational technology networks themselves compared to most other ransomware strains. This session will provide a deep dive on Ryuk, examine why the actors behind it are targeting industrial control systems, how the ransomware has jumped segmentation into ICS and OT networks, and explore new mechanisms in the malware’s propagation mechanism that might make it even more capable of getting on OT networks in the future. Case studies of specific instances in which Ryuk has migrated into OT networks will be part of this discussion. The session will end with concrete measures organizations with ICS networks can take to shore up defenses against this particular ransomware strain.