Tens of thousands of ICS (Industrial Control Systems) computers around the world are running Kaspersky Lab solutions. The analysis for the first half of 2017 shows that attack attempts were blocked on 37.6% of these computers. This represents a slight decrease of 1.6% compared to the second half of 2016. The majority of attacks affected manufacturing companies (31%), followed by mechanical engineering, education and the food industry. ICS computers in the energy sector accounted for just under 5% of all attacks.

The experts at Kaspersky CERT (Computer Emergency Response Team) identified the Internet as the main source of danger. Accordingly, 20.4% of the ICS computers examined were prevented from downloading malware or accessing malicious or phishing web resources. In the first half of 2017, Kaspersky Lab experts detected a total of 18,000 different malware samples in industrial automation systems, which could be assigned to 2,500 different malware families.

The most important figures on ransomware attacks

The first half of the year was characterized by a ransomware epidemic that did not stop at industrial companies. By June 2017, the number of individual ICS computers attacked by encryption Trojans had tripled. The total volume of ransomware could be assigned to 33 families. Most Trojans spread via spam emails that were disguised as business communications and contained either malicious attachments or links to malware downloaders.

The most important figures:

• ICS computers in 63 countries worldwide were affected by numerous ransomware attacks. WannaCry and ExPetr caused the most damage.
• With attacks on 13.4% of all computers in the industrial environment, WannaCry is at the top of the ransomware families. WannaCry primarily targeted the healthcare and public sectors.
• ExPetr also proved to be particularly dangerous in the first half of the year. More than every second company in the manufacturing sector and the oil and gas industry was attacked.
• The ten most widespread ransomware Trojans also include Locky and Cerber, which have been active since 2016 and have enabled cyber criminals to make the highest profits since then.

Industrial systems insufficiently protected

"In the first half of this year, we saw how weakly protected industrial systems are. Almost all affected industrial computers were infected by accident and as a result of attacks on home users and corporate networks," says Evgeny Goncharov, Head of Critical Infrastructure Defense Department at Kaspersky Lab. "As a result, WannaCry and ExPetr have proven to be destructive ransomware, causing disruption to production cycles worldwide, as well as logistical failures and forced downtime in medical facilities. The impact of such attacks can encourage attackers to act further. As preventative measures are already too late, organizations should consider proactive protection measures to avoid similar attacks in the future."