The Evolution of Ransomware into Industrial Control Systems

The Evolution of Ransomware into Industrial Control Systems

Blog by Chris Gausden, Arcanum Cyber Security Principal Consultant.

The publicity around the Wannacray and NotPetya ransomware in 2017 has now been documented and consigned to the history books. Although it was generally acknowledged that this was not a targeted ransomware attack, the impacts to NHS IT systems were significant. The panic caused across UK government and industry was a late “call to arms” for vulnerability management services and other related security operations functions.

3 years on, and the threat of ransomware has become commonplace for ordinary citizens as well as larger organisations. The problem has not changed, but the ransomware has, as it now extends its impact from merely encrypting data volumes to also impacting and disrupting industrial controls systems. It would appear that ransomware and its associated extortion has quickly become big business, with nefarious organisations establishing a significant capability including websites that publish details of successful attacks and victims.

Now Honda appears to have become the latest victim of this profitable crime [1] with malware that causes significant logical damage including impacting industrial control systems (ICS).[2]

In many cases, the introduction of malware via traditional paths (on media/phishing mail/web access) has not changed much over time, but the various options for reducing risk and mitigating the impacts of such an attack have. Cloud technology now makes it easier to run with dynamic processing redundancy and virtual data backups, but the need to logically separate the higher risk attack paths from the production processes still exists. The relevant cloud-based security protective and detective technologies need to be identified, enabled, and operated based on a realistic view of attack paths and risks.

Effective defence starts with understanding all of the business processes and their critical supporting assets, as well as attack vectors present. This will enable the identification of the relevant real-world threats and risks that will need to be addressed.

No doubt the battle will continue, and as long as companies are forced to pay significant sums in order to recover their data and production capabilities, the attackers will continue to evolve their attack technologies and methods.


How Arcanum Can Help

Arcanum Information Security is a leading National Cyber Security Centre (NCSC) accredited provider, certified in both Risk Assessment and Risk Management to provide specialist Cyber Security consultancy services. Arcanum consultants are NCSC Certified Professionals, with extensive knowledge and experience in identifying Cyber Security Risks in Industrial Control Systems. In addition, we provide Digital Forensics through our ISO 17025 accredited laboratory.

For more information, get in touch by calling: 01558 669140 or alternatively email:


More Information 

The Network and Information Systems Regulations (NIS Regulations) aim to raise levels of cyber security and resilience of network and information systems which are critical for the delivery of digital services and essential services in the UK. The Regulations provide legal measures to protect essential services and infrastructure by improving the security of their Network and Information Systems and maturing their resilience. Read more about the NIS Regulations here.

Arcanum has experience of carrying out assessments using The Cyber Assessment Framework (CAF). We can guide you through the process from start to finish. Click here for support with with The Cyber Assessment Framework.



[1] BBC NEWS/ Technology

[2] Honda Cyber Attack