Analysis, prevention and detection of ransomware attacks on Industrial Control Systems

With the advent of Industry 4.0, Industrial Control Systems (ICS) are becoming a prime target for many cyber criminals. We are witnessing a steady increase in the number of ransomware attacks specifically designed to compromise industrial control systems. The consequences of these attacks can be devastating, as they are able to block production processes for days, resulting in a loss of revenue, violation of contractual terms, reputational damage, and sanctions in regulated markets. This paper analyzes two relevant cases of ICS ransomware and proposes a novel solution that is able to detect these infections and stop them before the actual compromise of the systems that control industrial machines and production plants. Experimental evaluation demonstrates the effectiveness of our approach against real malware samples in simulated, realistic ICS environments.