
Winter travelers: Beware of ransomware during this ski season

The winter season is upon us and vacationers in the Middle East are all set for their holiday ski trips. However, according to FireEye Threat Intelligence, you can’t get away from hackers even during holidays in the mountains. The new report highlights recent ransomware attacks on cable cars in Austria and Moscow, pointing to a greater risk to the kind of transportation systems used by winter travelers.

The cable car attacks in Moscow and Austria involved servers becoming infected with ransomware, causing a shutdown of cableways for two days. These incidents appear to be the result of hackers targeting the cableway specifically.  

According to FireEye, the CEO of the corporate entity that owns the Moscow Ropeway (MKD) reportedly received an email claiming "files on the company's major computer had been encrypted," that a ransom would have to be paid in Bitcoin for their decryption, and that the size of the necessary ransom would be dictated by "the speed of the response" to the demand. While data does not suggest MKD was targeted with any kind of malware aside from ransomware, the impact on the cableway's operations recalls that earlier this year researchers identified a gondola lift in Austria that had an exposed human-machine interface as well.


Alister Shepherd, MEA Director, Mandiant at FireEye, stated, “Industrial control systems are increasingly being exposed to attacks from the internet in ways that have a real-world impact. This can have a critical impact on public health and safety, and organisations need to take it seriously. With cable cars in many of the Middle East’s popular skiing destinations running on the same or similar systems, this threat is something that travelers need to be aware of.”

Shepherd added, “The reality is that the interconnectivity of operational technology, which used to be properly isolated, has been increasing without the proper implementation of security in many instances. When a ransomware attack can affect such systems, we need to take notice and start to build appropriate security measures around these systems.”

FireEye previously reported that ransomware threats to industrial control systems are particularly acute and recommends that asset owners avoid exposing such systems to the internet. If such systems are required to be internet-facing, FireEye recommends putting proper network security measures in place.