
German Nuclear Plant Hit by W32.Ramnit and Conficker Worms

Ransomware has been hitting hospitals and putting the well-being of patients at risk for several months now. Attacking healthcare institutions is bad enough. What could be worse?

India Times just reported that a nuclear plant in Germany has been infected with multiple viruses. Luckily, no threat was posed to the facility’s operations since it is isolated from the Internet.


It has been reported that W32.Ramnit and Conficker, two well-known cyber threats that have been circulating around the Web, are among the viruses that have compromised Gundremmingen’s B power plant. The Gundremmingen plant is located approximately 120 km northwest of Munich and is operated by the German electric utilities company RWE.

The viruses were found in a PC system retrofitted in 2008 with data visualization software which was associated with equipment for moving nuclear fuel rods. In addition to this computer system, 18 removable drives were also infected by malware.

Technical Summary of W32.Ramnit

Win32/Ramnit is a worm, discovered in 2010, that has been around for several years and can also act as a backdoor. As explained by Symantec researchers, the worm can steal cookies to hijack online sessions. However, the worm’s set of capabilities is far more comprehensive:

  • Win32/Ramnit can harvest login credentials for a large number of FTP clients;
  • It can monitor a victim’s frequently visited websites, and can act as a man-in-the-browser;
  • It can allow the attacker remote access to the compromised system;
  • It can steal files from the compromised system.

Technical Summary of Conficker

Conficker is an infamous worm that has infected millions of Windows machines all over the globe. Even though Microsoft released a security patch in October 2008 (MS08-067) to protect against Conficker, the worm is still infecting computers. Here are some of its malicious capabilities:

  • Conficker can disable crucial system services and security products, including Windows Defender;
  • Conficker can download arbitrary files;
  • Conficker can prevent the victim from visiting security-related websites.

How Is Conficker Spread?

The dangerous worm spreads by copying itself to the Windows system folder. However, it can also spread through file sharing and through removable drives, such as USB drives (like the 18 drives found to be infected in the current case).

Have Any Precautions Been Taken?

The RWE company has notified Germany’s Federal Office for Information Security. The organization is cooperating with IT experts to further investigate the attack on Gundremmingen’s B. Official comments haven’t been released yet by the authorities.

This particular incident comes at an awkward time. The 26th of April marked 30 years since the catastrophic Chernobyl disaster. In addition, after Fukushima in Japan, Germany’s government has been concerned about the safety of nuclear power and is accelerating the shutdown of nuclear plants.

Milena Dimitrova
