Researchers at the Georgia Institute of Technology have created a form of ransomware that can hit us where it really counts: the water supply. Their program installed itself in a model water plant and allowed the researchers to change chlorine levels, shut down water valves, and send false readings to monitoring systems.
“We are expecting ransomware to go one step farther, beyond the customer data to compromise the control systems themselves,” said David Formby, a Ph.D. student and co-author of the study. “That could allow attackers to hold hostage critical systems such as water treatment plants and manufacturing facilities. Compromising the programmable logic controllers (PLCs) in these systems is a next logical step for these attackers.”