The Claroty Blog

WannaCry in the Claroty Labs - Testing Impact to Industrial Network Components

Patrick McBride

Claroty has tested WannaCry in its Lab environment and will be holding a webinar TOMORROW (Wednesday - 5.23.17) to discuss findings. Good news, bad news and insights for the future.

REGISTER HERE - 3pm EDT - Wednesday 5.24.17

This is not a "let's see how Claroty can stop WannaCry" marketing event. We conducted this testing and felt the community needed to see the results. We hope that you will join us; insights on this and other potential ransomware impacts to ICS networks will be discussed.

WannaCry is clearly one of the top cybersecurity issues in 2017. The combination of traditional ransomware with worm-like propagation capability rapidly spread the malware across the internet and throughout internal networks. The fact that the virus could spread without human assistance materially increased the impact of the attack. But WannaCry, and likely successor campaigns, also changed the threat level for industrial networks.

The threat actors that operated WannaCry did not aim to disrupt the operations of plants and other industrial networks. While not specifically targeted, industrial networks were nonetheless affected. However, based on our conversations and public reports, most, but not all, of the disruptions caused by WannaCry were the result of organizations deliberately shutting down plants and processes to prevent the malware found in their IT network from spreading to the shop floor. While WannaCry was not the first reported ransomware campaign to cause “collateral damage” to industrial systems, it was clearly the most widespread and impactful.

In an earlier blog we explored what happened, what made the attack unique, summarized the impact to ICS systems, and contemplated the changing threat landscape.

In the days following the attack, we received more questions from customers and partners regarding the likelihood of “collateral damage” that could result from WannaCry, and whether the ransomware poses an actual process shut-down risk or can be contained and resolved while maintaining operational continuity. We attempt to answer these questions and draw some conclusions.

We tested WannaCry in our lab and are sharing our findings in the webinar and in a research report following the webinar. During the webinar we will share summary conclusions about the industrial system risks resulting from the WannaCry campaign, discuss how the threat landscape has changed, and cover what organizations should do moving forward.


Join Claroty for summary results from our testing of the WannaCry ransomware in our Labs.

 
