Back in early June, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) published a fact sheet discussing the rising threat of ransomware to operational technology (OT) assets. This development raises several questions. Why is ransomware a threat to OT environments? And what can organizations do to protect their OT assets against ransomware?

To find out, I sat down for a chat with three Tripwire experts: Britney Palmer, account executive here with Tripwire; Lamar Bailey, senior director of cybersecurity for Tripwire; and Zane Blomgren, security senior engineer at Tripwire. Here’s what they had to say.

A Quick Overview of Ransomware and the Colonial Pipeline Attack

Richard Springer: Lamar, could you help level-set the audience and introduce ransomware?

Lamar Bailey: Ransomware is a subset of what we call “malware.” Malware is basically anything that you don’t want on your system that can come through various means. That said, ransomware is a little bit different. When it gets onto a system, the purpose of it is to basically hold that system and that data for ransom. The attackers will oftentimes steal the data on the system, encrypt the drives, encrypt all the data, and then charge you money to unencrypt it.

A couple of things to think about with ransomware. First, it costs you downtime plus the money you pay to get your data back. Second, just because you pay the ransom does not mean that the attackers will give you back your data and not come back to re-encrypt everything a week later.

RS: Thank you, Lamar. Britney, I’m going to turn to you about the oil and gas side and all things Colonial. Could you paint a picture of pre-Colonial and post-Colonial with regards to how ransomware has affected your customers?

Britney Palmer (Read more...)