Meet LogicLocker: Boffin-built SCADA ransomware

Let's start with the “calm down” part of the article: yes, LogicLocker is ransomware designed for programmable logic controllers, but no, the cyber-geddon isn't upon us. LogicLocker is a proof-of-concept written by David Formby, Srikar Durbha and Raheem Beyah of Georgia Tech (Formby and Beyah also disclose an affiliation with …

  1. Palpy

    Option: shut down the line.

    "...a factory operator has the option to shut the plant down and restore the original firmware."

    Reminds me of a story an electrician once told me. He told a chip-plant manager, "I have to power down the line to work on that unit." The manager said, "If you shut down the line, I go back to Japan and look for another job. You do it hot."

    Just saying that -- indicated by the soft-spoken irony used by El Reg here -- a certain amount of deep breathing accompanies a decision to "shut the plant down". (With good luck and equipment redundancy, an op may be able to power down the PLC without boffing the whole line... be smart, and good luck.)

    1. thames

      Re: Option: shut down the line.

      Most machines in most factories can be shut down and have the PLC CPU module replaced. PLCs do fail and have to be replaced. It's a routine maintenance procedure.

      If you have a process that is still running (since if it's not running, it's already shut down anyway) and absolutely must not shut down, then the system should be one that has redundant CPUs. These are off the shelf products made for this situation. You shut down one CPU and let it fail over to the other, replace it, then do the same to the other one.

      As for the story's "a response plan could involve keeping backups of critical programs on the premise", any competently managed factory will already have that. Again, PLCs do fail naturally, and always have. Sometimes it's not even the hardware which failed, sometimes the program has become corrupted by voltage spikes, or drop outs, or some other reason.

      The real problem which factories would face in this situation is diagnosing what is going wrong. Industrial networks don't normally have the sort of network monitoring equipment which would make this easy.

      The best approach for concerned factory engineers and managers to take however would be to isolate each machine or node as much as possible to ensure that they have little opportunity to interfere with each other. This is just good industrial control design practice regardless of whether you are dealing with malware or not.

      If you need to have systems communicating with each other, give them only very limited connectivity (via firewalls or other systems) rather than putting everything on a "flat" network such as vendors seem to like to show in their brochures. Many PLCs will fall over if you just accidentally bombard them with "too much" traffic, so again this is prudent system design for reliability regardless of whether you are concerned about malware or not.

    2. SImon Hobson Bronze badge

      Re: Option: shut down the line.

      Yeah, my first thought was "shut down the plant - would that be before or after the malware has wreaked havoc"?

      Think about it, if the PLC just randomly turns stuff on and off, then with most plants it's likely to cause damage, and with many it could cause serious environmental or safety issues. For example, I remember reading a few years ago about a lead processing factory that installed a maaasive UPS that could keep the whole plant running if the power failed - yes, multi-MW territory. It cost "a lot", but the alternative was the risk of an uncontrolled shutdown that could cause lead dust to be released into the environment. That wasn't the subject of the article, the article was on how they then figured out that with careful management they could use some of the stored energy to peak-lop their electricity load and so save a considerable amount on their electrical bill.

      The problem is that in general it's not practical to build a system in such a way that the PLC can run amok and safety/supervisory systems will detect it and prevent damage from happening. You can easily spend many times the cost of the system on the safety measures, and for most plant that isn't justified.

  2. Anonymous Coward

    A PLC-programming mate did some work on a new aluminium smelter. That's a place where control system failures can literally wreck the plant - if the outage is so long that the molten aluminium cools!

    He told of a commissioning-time crisis where the PLC controlling the casting of ingots would boot up with the assumption that all its containers were empty - NOT the case when the PLC was restarted in operation. Result - attempting to fill forms that already held ingots, and thus a few tons of aluminium cooling on the floor. Set back commissioning by about 2 months IIRC.

  3. John Smith 19 Gold badge

    And that's just the start.

    The pro tip from "Zero Days": "No system is really air gapped." If you want to attack a specific system, you poison the networks of the contractors that support the site and wait for one of them to infect it.

    But I'm guessing doing a Mirai botnet attack with nothing more sophisticated than a list of known default passwords would bring in a fair haul of random PLCs that can be f**ked up (or rather un-f**ked up for a very reasonable consideration).

    BTW legally this is not blackmail. It's extortion.
