Cybersecurity for your industrial network

WannaCry protection for many applications

Recent events have illustrated how important it is to protect systems against unauthorized access by people or malware. FL mGuard devices from Phoenix Contact protect your industrial network with a powerful, flexible, and fast firewall.

With file hijacking attacks on the increase worldwide, we decided to provide some answers to basic cybersecurity questions and review malware attacks, so that you can better understand what this rising ransomware trend is all about.

What is ransomware?

Ransomware is a form of malicious software requiring the user of the computer to pay a ransom in order to recover encrypted files or regain access to the entire system.

Once it penetrates the computer, this malware is activated and causes the entire operating system to crash.

Screenshot of WannaCry ransomware

How does ransomware work?

There are two types of ransomware. They differ in whether or not they encrypt data.

1. A system takeover without encrypting the data
Typically, this malware will disable Task Manager, block access to the registry, and infect the EXPLORER.EXE file, causing all desktop icons to disappear. This prevents you from using any of your programs.

2. Encryption of hard drive data
This type of malware encrypts your hard drive data with codes that are almost impossible to decipher without knowing the key. If the encryption only affects system files, antivirus software can regain control by recovering the system files. If the entire operating system is encrypted – or worse, your user data – the only solution is to format the hard drive, with the inevitable loss of data.

Potential targets?

Any computer, smartphone, or tablet that runs an operating system (OS) is a potential target for ransomware. This means that the applications hosted by these devices or with which the devices interact could be negatively impacted.

In the healthcare industry, for example, we have found that old and unsupported Windows PCs are often used as part of legacy medical equipment, such as X-ray and MRI machines.

Industrial control systems are another market where legacy and unpatched operating systems are running critical processes. Power stations and water/wastewater treatment plants that supply power and clean water to our homes fall into this category.

The three best practices for protecting the operating system

1. Patching
The most direct and important action is to patch the operating system with the latest security updates on a regular basis.

2. Network segmentation
Using routers with integrated firewalls can limit and restrict incoming data traffic from trusted and untrusted devices. In addition, this provides a form of isolation, preventing the lateral spread of malware.

3. Protection of the operating system
Conventional antivirus (AV) software works in a “signature-based” system. The antivirus engine compares files and activities against a database of known virus signatures. In the event of a match, the offending file is deleted or placed in quarantine. This model has two flaws: first, each operating system must update its AV database frequently to detect and protect against new viruses and worms; second, new malware and viruses that attack “zero-day” vulnerabilities go undetected as they don’t have a “signature” in the database yet. As a result, alternative integrity assurance techniques for the protection of industrial systems have become more relevant.

The mGuard family from Phoenix Contact

How can FL mGuard help?

The mGuard family of robust security appliances includes firewall, routing, and optional VPN functionality for critical networks. These high-level layer 3 functions are essential for protecting your industrial network from malicious attacks or unplanned disruptions, and for connecting to office or company networks.

Different hardware versions cover a wide range of applications and provide flexibility while simultaneously delivering full mGuard protection and connectivity. The hardware includes devices for field engineers, devices for use with desktop PCs/laptops in an office environment, plus robust versions for industrial use featuring FO and copper interfaces, Gigabit connectivity, PCI form factor, and approvals for hazardous locations. Furthermore, the CIFS Integrity Monitoring function provides an alternative to conventional antivirus solutions.

CIFS Integrity Monitoring regularly checks Windows systems against a reference status to determine whether certain files, e.g., .exe or .dll, have changed. If any of the Windows operating system files have been modified or deleted, or if a new file has been added to the monitored directory, mGuard generates an alert in the form of an e-mail, SNMP trap, or log warning. At this point, development, maintenance, or IT staff can take corrective action.
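
The reference-status comparison described above can be sketched as follows. This is an added example, not Phoenix Contact's code and not a description of how mGuard is implemented; the use of SHA-256, the function names, and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

MONITORED_EXTENSIONS = {".exe", ".dll"}  # file types named in the text

def snapshot(root):
    """Return {relative_path: sha256_hex} for monitored files under root."""
    state = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in MONITORED_EXTENSIONS:
            continue
        digest = hashlib.sha256()  # assumption: SHA-256 as the integrity hash
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        state[path.relative_to(root).as_posix()] = digest.hexdigest()
    return state

def compare(reference, current):
    """Classify differences between the reference status and a later scan."""
    return {
        "modified": sorted(p for p in reference
                           if p in current and reference[p] != current[p]),
        "deleted": sorted(p for p in reference if p not in current),
        "added": sorted(p for p in current if p not in reference),
    }

def demo():
    """Constructed sample: take a reference, change the directory, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "service.exe").write_bytes(b"original build")
        (root / "helper.dll").write_bytes(b"library v1")
        (root / "notes.txt").write_bytes(b"not monitored")
        reference = snapshot(root)
        (root / "service.exe").write_bytes(b"unexpected content")  # modified
        (root / "helper.dll").unlink()                             # deleted
        (root / "dropper.exe").write_bytes(b"new binary")          # added
        (root / "notes.txt").write_bytes(b"changed, but ignored")
        return compare(reference, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"ALERT {kind}: {p}")
```

Keep the reference snapshot somewhere the monitored system cannot write to; otherwise malware that changes a file can update the reference as well.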

Find out more about cybersecurity and discover our products for secure industrial networks.