Key Factors Influencing the Rise of Current Ransomware Attacks on Industrial Control Systems

Ransomware is a malware type whose purpose is to lock and deny access to vital resources and services in the system. Like any other system, ransomware targets Supervisory Control and Data Acquisition (SCADA) and denies access to many components and data these systems collect. This represents a major threat to the systems that rely on SCADA to control the operational process. Although several studies have been conducted to address the issue of ransomware and mitigate the effect of its attacks, they approach the problem from the traditional systems perspective. That is, these solutions treat the ransomware attack on SCADA systems similar to those attacking conventional systems. This is not realistic because of the unique characteristics of SCADA systems, which are reflected in the nature and capability of ransomware attacks. Not only are data stored in SCADA nodes vulnerable to the ransomware attack, but also the data collected and shared with the other nodes. As such, traditional measures for ransomware detection become unable to deal with the attack as they assume that ransomware attacks the data at rest only. In SCADA systems, the attack model, success factors, and infection vectors of ransomware attacks are different. As such it is important to explore and understand the unique characteristics of ransomware that target SCADA systems as a prerequisite to thwart it. Therefore, this study is devoted to investigating the unique characteristics and main factors for successful ransomware attacks.