Ransomware has been hitting hospitals and putting the well-being of patients at risk for several months now. Attacking healthcare institutions is bad enough. What could be worse?
India Times just reported that a nuclear plant in Germany has been infected with multiple viruses. Luckily, no threat was posed to the facility’s operations since it is isolated from the Internet.
W32.Ramnit and Conficker, two well-known threats that have been circulating on the Web, are reported to be among the viruses that compromised the Gundremmingen B power plant. The Gundremmingen plant is located approximately 120 km northwest of Munich and is operated by the German electric utilities company RWE.
The viruses were found in a PC system retrofitted in 2008 with data visualization software which was associated with equipment for moving nuclear fuel rods. In addition to this computer system, 18 removable drives were found to be infected with malware.
Technical Summary of W32.Ramnit
Win32/Ramnit is a worm, discovered in 2010, that can also act as a backdoor. As explained by Symantec researchers, the worm can steal cookies to hijack online sessions. However, the worm’s set of capabilities is far more comprehensive:
- Win32/Ramnit can harvest login credentials for a large number of FTP clients;
- It can monitor a victim’s frequently visited websites, and can act as a man-in-the-browser;
- It can allow the attacker remote access to the compromised system;
- It can steal files from the compromised system.
Technical Summary of Conficker
Conficker is an infamous worm that has infected millions of Windows machines all over the globe. Even though Microsoft released a security patch in October 2008 (MS08-067) to protect against Conficker, the worm is still infecting computers. Here are some of its malicious capabilities:
- Conficker can disable crucial system services and security products, including Windows Defender;
- Conficker can download arbitrary files;
- Conficker can prevent the victim from visiting security-related websites.
How Is Conficker Spread?
The dangerous worm spreads by copying itself to the Windows system folder. However, it can also spread through file sharing and through removable drives, such as USB drives (like the 18 drives found to be infected in the current case).
Have Any Precautions Been Taken?
RWE has notified Germany’s Federal Office for Information Security. The organization is cooperating with IT experts to further investigate the attack on Gundremmingen B. The authorities have not yet released official comments.
This particular incident comes at an awkward time. The 26th of April marked 30 years since the catastrophic Chernobyl disaster. In addition, after Fukushima in Japan, Germany’s government has been concerned about the safety of nuclear power and is accelerating the shutdown of nuclear plants.