Threat Intel: Johnson Controls International (JCI) Hit by Ransomware Attack
Ransomware Attack Information
Johnson Controls International (JCI) has suffered what is described as a massive ransomware attack that encrypted many of the company's devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations.
Systems & Assets Affected in Healthcare Environments
JCI is one of the most common vendors in the building automation space that operate in healthcare organizations. So far, the breach seems limited to the company and several of its subsidiaries. At this time there appears to be no impact on systems installed in customer sites. The impact on customers has so far been limited to JCI-operated systems such as customer support portals.
Widespread impact on the healthcare community is unlikely, but would introduce critical issues if they were to occur. Namely, the disruption of JCI building management systems such as HVAC would directly affect patient care.
Cynerio is actively monitoring customer environments for indicators of JCI-related attacks and will notify customers directly in the event of a suspected incident.
How Are Organizations Being Targeted?
Threat actors are actively targeting Operations Technology (OT) and Control Systems (CS) in several ways:
- Spearphishing
- Deployment of commodity ransomware
- Connecting to Internet-accessible PLCs and modifying control logic and parameters
- Downloading modified control logic and hacking controllers via ports and standard application layer protocols
- Exploiting vendor software to get unauthorized access
How Can This Impact Health Care?
A breach can directly impact clinical workflow and the ability to deliver critical medical care:
- OT networks and communications can become unavailable or be rendered inoperable
- Organization-wide workflow disruptions
- Loss of access by authorized personnel
- Damage to productivity jeopardizes patient safety and confidentiality, can compromise business integrity, and result in significant revenue losses
How Can Cynerio Help Mitigate the Threats?
Step 1: Deploy Attack Detection & Response to detect and respond to ransomware and other attacks
Step 1: Ensure uninterrupted medical services and organizational workflow by documenting impact of systems and assets before potential disconnection
Step 2: Inform disconnection of low-priority functionalities from systems to decrease risk
Step 3: Harden your network with North-South and East-West segmentation, vendor access management, software updates, and patching
Step 4: Create a network map of all connected devices, including OT systems and assets
Step 5: Conduct continuous monitoring and cyber risk assessments
Cynerio is offering a free risk assessment for healthcare organizations who may be affected. To schedule a free risk assessment for your healthcare network, contact us today.