Ransomware in critical infrastructure

Ten questions and actions to tackle this major threat 

Critical infrastructure assets are high-value targets for state-based cyber espionage and asymmetric warfare and, increasingly, for active ransomware criminal groups. Aided by rapid digitisation, 2020 was characterised by a significant increase in cyber-criminal activity, in particular ransomware attacks.

But can ransomware groups disrupt electricity supply and other essential services in their escalating quest to earn larger rewards?

Let's consider what we know:

  • As far back as 2015, a highly sophisticated group showed the world that cyber attackers could cause a real-life disruption of electricity supply to citizens, businesses and infrastructure alike—by effectively taking down parts of Ukraine’s power grid.
  • A year later, a related group launched and tested malware specifically designed to take over industrial control systems in even more critical components of an electric grid, which could have shut down power in entire regions of Ukraine had the group decided to do so.
  • Several ransomware groups claim to have access to critical infrastructure, including a nuclear power plant.
  • In 2021, ransomware groups targeted multiple industrial facilities including water treatment plants, factories, and even a nationally strategic pipeline operator in the US. The pipeline attack resulted in fuel shortages across a wide region for gas stations, airports, the military, and even home heating.

The capability for severe and widespread disruption is quite clear. Indeed, all our essential services are increasingly at risk, as a successful cyber attack on critical infrastructure can:

  • disrupt operations and the supply of electricity, oil, gas, water, waste management, and transport
  • further threaten the safety of workers and citizens as dependent services, including emergency services and health facilities, suffer shortages or are compromised as collateral damage
  • impact revenue, result in reputational damage, and lead to litigation or regulatory consequences arising from the service outage
  • bring an economy to a standstill in a serious and sustained scenario, due to the domino effects described earlier, and the possibility of public disturbance and civil unrest
  • be leveraged to weaken a country’s government and essential services in preparation for a conventional military attack by another nation-state.

Did you know?

  • It takes 201 days on average to identify a cyber breach, giving attackers on average more than six months to prepare and launch their ransomware attack
  • It can take less than 45 minutes to ransom the entire network of a large, distributed global organisation
  • 50% of ransomware attacks leverage the supply chain, i.e. vendors or contractors
  • 31% of ransomware victims experience destructive outcomes
  • More than 50% of ransomware attacks on industrial organisations may affect OT networks directly or indirectly, while some ransomware programs can now disrupt ICS specifically

Source: Deloitte analysis; news reports.

Please download the report for further insights
