Re: Ransomware outbreak hits Norwegian ‘computers’
"Then why not connect your valuable system environments using VPNs runing on read-only embedded hardware."
What?
Your embedded hardware will be logging data from the equipment, even if they're read only, they need to send information somewhere. And VPN's generally don't help as you will likely be in full control of your network - adding a VPN on top will just mean the virus/malware propagates via encrypted tunnels rather than directly over the wire within your buildings.
Traditionally, good practice has been to fully isolate SCADA-type systems from office LAN's as they tend to receive less frequent patching (i.e. once or twice a year managed by the vendor) and often won't have AV installed due to either vendor recommendations or conflicts with fragile applications. As management of those systems is centralised or outsourced, the desire for more connectivity makes them harder to protect.
Having said that, it sounds like the SCADA-type systems aren't affected but have been isolated as a precaution. Based on previous organisations experiences with ransomware, if you aren't patched against the vulnerability it uses to spread, your only hope is shutting down the network until you have a solid plan for containment and rebuilding. And that solid plan better include isolation of any networks that you're unsure of - something that is often easier said than done when management of the devices is off-site.
Biting the hand that feeds IT
