By Fred Gordy, Director of Cybersecurity at Intelligent Buildings, LLC, (CS)²AI Fellow
Building Control System WhisperGate Attack Post on LinkedIn https://www.linkedin.com/posts/intelligent-buildings_intelligentbuildings-smartbuildings-cre-activity-6912767514456305665-hEZY?utm_source=linkedin_share&utm_medium=member_desktop_web
I have periodically monitored several Russian-aligned ransomware groups’ dark web sites, primarily focusing on Conti. If you are not familiar, Conti is by far the most successful ransomware group in operation today, routinely pulling in multi-million-dollar payments from victim organizations, and it publicly announced its support for Russia when Russia invaded Ukraine. Conti is not the only ransomware group to announce support for Russia. Others include UNC1151, Zatoichi, Killnet, Stormous Ransomware, Digital Cobra Gang (DCG), Freecivillian, SandWorm, The Red Bandits, and Coomingproject.
I have noticed a spike in U.S. companies showing up on Conti’s site. As recently as today, March 24th, 2022, the site listed a U.S.-based mechanical engineering and construction firm that, according to its website, is a leader in the Washington, D.C. market. Its website says it works on complex commercial, government, and institutional design-build projects. Two days ago, a U.S.-based cancer diagnostics laboratory was ransomed. Data is up for sale for both of these companies and others, and they have been locked out of their systems.
These two examples are centered around data, but the building controls community is not exempt. We recently were able to stop an attack on several building systems from what we believe to be Russia. WhisperGate malware was found and contained before it could do any damage. WhisperGate is a sophisticated malware known for targeting multiple organizations in Ukraine. It has two stages that corrupt a system’s master boot record, display a fake ransomware note, and encrypt files based on certain file extensions.