HelpNet Security reported today that ASCO Industries, a privately held company acquired by Kansas-based Spirit AeroSystems in 2018, has been hit by a ransomware attack that disrupted its production around the world.
Tim Erlin, VP, Product Management and Strategy at Tripwire:
“This isn’t the first manufacturer to be hit by ransomware and it won’t be the last. Ransomware is successful when victims actually pay the ransom. It might seem like a simple solution to the ransomware problem would be to stop paying the ransom, but that’s easier said than done when your data, and your business, are being held hostage. The best protection against ransomware is a good set of backups and the ability to restore systems quickly.”
Martin Jartelius, CSO at Outpost24:
“This is yet again a tragic example of when systems within a network fulfilling critical functions have been subject to a relatively open network environment allowing the attack to propagate and affect related systems. Hardening and defense in depth, as well as isolation of production environments, is critical to decreasing the impact of breaches. In this case the breach was a ransomware, but it could equally well have been a targeted attacker gaining persistent access to the environment. Given what this vendor produces, a ransomware while disastrous for them financially, it’s far better than having an attacker with a potential to affect the integrity of their fighter jets.”
Hugo van den Toorn, Manager of Offensive Security at Outpost24:
“This also highlights once again the importance of proper security measures, not just within traditional IT but also in operational technology (OT) and cyber-physical systems. If you are unable to properly secure a system, it needs to be isolated to the greatest extent.
Whether it is a single IP camera, or a complete factory, become resilient and ensure your complete organisation is able to withstand an attack against these systems. As first layer of defence, ensure nothing can easily get into your network from the outside. And if ransomware hits, make sure it is contained and cannot propagate through your network. Just like building a dominoes chain, make sure to put blockers in between. Otherwise if one domino topples, you have to start all over again.”
Chris Doman, Security Researcher at AT&T Alien Labs:
“We’ve previously seen LockerGaga ransomware as responsible for disruption at Norsk Hydro (https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202) and Altran (https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/) plants.
It may be the same case here, though it’s too early to tell at this point.”