It’s 2022, and cyberattacks are becoming sophisticated, more sinister, and deadlier. The last decade has seen an alarming increase in the number of cyberattacks, mostly in the form of ransomware attacks, with old versions being improved and new versions being developed, each one more destructive than the last.

If that wasn't scary enough, disruptionware is now on the rise—an attack type that targets critical networks and operations and paralyzes them. This is an emerging threat that can potentially disrupt the confidentiality, integrity, and availability—often referred to as the CIA triad—of a user’s systems, networks, and data. It was first identified by the Institute for Critical Infrastructure Technology.

Disruptionware can be far more damaging than other types of cyberattacks. Most regular ransomware attacks, as we know, target the victim’s systems, data, and network and hold them hostage, demanding a ransom. However, disruptionware attacks both the information technology (IT) and the operational technology (OT) networks of its victims. That is, besides attacking its networks and systems, disruptionware attacks the organization's physical infrastructure, affecting its ability to operate. This can essentially paralyze the victim organization. The impact of attacks like these on government agencies and other critical infrastructure like hospitals can be catastrophic.

The disruptionware arsenal

While ransomware is the most common tool used by threat actors to initiate a disruptionware attack, there are various other tools in the disruptionware arsenal that attackers utilize. These include wipers, data exfiltration tools, bricking capabilities, and network reconnaissance tools.

Disruptionware often takes advantage of Remote Desktop Protocol (RDP) vulnerabilities to infect the victims through backdoor channels, remote access Trojans, and other malware types. Because of its inherent nature to target critical networks and operations, disruptionware can be extremely damaging for its victims. It is no longer a situation of merely holding data hostage or a possible downtime for a few hours or days. These attacks pose a severe threat to public health and safety as well.

Victims of disruptionware

A disruptionware attack in 2020 on a German hospital resulted in shutting down not just the hospital’s computers, but also its OT network and operating room infrastructure. This essentially led to critical life support systems and equipment being shut down and becoming inaccessible, which stalled several critical medical procedures. This ultimately led to the death of a patient who was scheduled for emergency surgery.

Another example of a disruptionware attack is the one on the US Colonial Pipeline in May 2021. While the initial attack was in the form of ransomware, the threat actors were able to use malware to shut down the pipeline’s IT and OT networks. The pipeline was forced to shut down for several days, causing major disruptions to many airlines and airports.

How to mitigate disruptionware attacks

The threat of disruptionware attacks is higher than ever in today’s workplace, where organizations are fast moving towards remote work, which relies heavily on technology.

While it is crucial to take preventive measures against all kinds of cyberattacks, it's essential to prioritize risks like those posed by disruptionware, as these kinds of attacks cause a lot more collateral damage.

Organizations must:

  • Ensure that they have robust and up-to-date cybersecurity systems in place to secure their IT and OT networks.
  • Have a solid backup system for data, for both on-premises and cloud data.
  • Have dedicated teams that can monitor and identify any unauthorized access to critical networks and take the necessary steps to stop the attack and minimize the damage.
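As an added illustration of the monitoring point above (example code written for this page, not part of the original post or of Log360), the following flags RDP logons into an OT segment that do not come from an approved jump host, and repeated RDP logon failures against an OT host, over a few constructed Windows Security events. The host names, the approved jump-host address, the threshold, and the flattened event format are all assumptions.

```python
from collections import Counter

# Constructed sample events (not real logs). Fields are a flattened view of Windows
# Security events: 4624 = successful logon, 4625 = failed logon, logon type 10 = RDP.
EVENTS = [
    {"event_id": 4624, "computer": "hmi-01", "logon_type": 10, "source_ip": "10.20.0.5", "user": "ot-admin"},
    {"event_id": 4624, "computer": "hmi-01", "logon_type": 10, "source_ip": "10.10.7.44", "user": "jsmith"},
    {"event_id": 4625, "computer": "plc-gw", "logon_type": 10, "source_ip": "203.0.113.9", "user": "Administrator"},
    {"event_id": 4625, "computer": "plc-gw", "logon_type": 10, "source_ip": "203.0.113.9", "user": "admin"},
    {"event_id": 4625, "computer": "plc-gw", "logon_type": 10, "source_ip": "203.0.113.9", "user": "operator"},
    {"event_id": 4624, "computer": "fileserver", "logon_type": 3, "source_ip": "10.10.7.44", "user": "jsmith"},
]

OT_HOSTS = {"hmi-01", "plc-gw"}          # assumption: hosts that belong to the OT segment
APPROVED_JUMP_HOSTS = {"10.20.0.5"}      # assumption: the only source allowed to RDP into OT
FAILED_THRESHOLD = 3                     # assumption: failures per (source, host) before alerting


def rdp_alerts(events, ot_hosts=OT_HOSTS, jump_hosts=APPROVED_JUMP_HOSTS, threshold=FAILED_THRESHOLD):
    """Return a list of (rule, source_ip, computer, detail) tuples for RDP activity worth a look."""
    alerts = []
    failures = Counter()
    for e in events:
        if e["logon_type"] != 10:        # only RemoteInteractive (RDP) logons matter here
            continue
        if e["event_id"] == 4624 and e["computer"] in ot_hosts and e["source_ip"] not in jump_hosts:
            # A successful RDP session into OT from somewhere other than the jump host.
            alerts.append(("rdp-into-ot-from-unapproved-source", e["source_ip"], e["computer"], e["user"]))
        elif e["event_id"] == 4625 and e["computer"] in ot_hosts:
            failures[(e["source_ip"], e["computer"])] += 1
    for (src, host), n in failures.items():
        if n >= threshold:
            # Repeated RDP failures against one OT host from one source: likely password guessing.
            alerts.append(("rdp-password-guessing", src, host, n))
    return alerts


if __name__ == "__main__":
    for alert in rdp_alerts(EVENTS):
        print(alert)
```

In a real deployment the event list would be fed from the SIEM rather than embedded, and the jump-host list would come from the access-control policy for the OT segment.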

Besides preventive measures, it is also imperative that organizations have an effective response plan and defenses in place. This will ensure that in the event of an attack, the organization is prepared with the right plan of action to recover with minimal damage and as quickly as possible.

Our SIEM solution, ManageEngine Log360, helps prevent attacks by alerting you if any unusual events or activities are detected and initiating automatic remediation processes. To see for yourself how Log360 can help defend your organization against disruptionware, malware, and other cyberattacks, sign up for a free, personalized demo.

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.