12 November 2018

Hacker attack and extortion because of a coffee machine

A European petrochemical plant was infected with ransomware (presumably WannaCry) through a coffee machine. The coffee machine was connected to both an isolated Wi-Fi network and the internal network of the enterprise.

The case was revealed by a Reddit user under the pseudonym C10H15N1, who worked as a chemical engineer at the company.
According to him, the incident happened in June 2017.
Each plant has a control tower where its systems are monitored. Monitoring of the whole plant also takes place remotely through the central control room.
In the event of a problem, the operators of the local control tower contact the central control tower. The problem is then either solved through the central control tower, or instructions are given to the local operators to solve it.
The central control room received a call from one of the operators. The local operator reported that all computers in the local control tower had failed. All systems of the plant were working normally; only the monitoring system was affected. As it turned out later, the computers were infected with ransomware, which is rather strange, since they are physically isolated from the external environment and are located in the internal network.

After the operating system was reinstalled on the affected computers, which were running Windows XP, the infection occurred again. It turned out that the cause was an infected coffee machine, which employees of the company had connected to both the isolated Wi-Fi network and the internal network of the control center.