The computer network of a European petrochemical plant was infected with ransomware through a vulnerable coffee machine that was connected to the local network of the enterprise’s dispatch center. The case was described by a Reddit user posting under the nickname C10H15N1.
According to C10H15N1, the incident occurred a month ago. C10H15N1 works as a chemical engineer at a company that owns a number of petrochemical plants in Europe. Each plant has a local dispatch center that monitors the operation of all its systems. All plants are also monitored remotely from the central control room. If a problem arises, an operator in a local control room calls the central control room, and the problem is usually either solved remotely or the local operator is instructed how to solve it.
One day a central operator received a call from one of the local operators, who reported that all computers in the local control room had failed. The plant systems themselves kept working normally; only the monitoring system was affected. As it turned out, the computers were infected with ransomware. The failure was rather strange, because the infected machines were physically isolated from the external environment.
After the operating system was reinstalled on the affected computers, which ran Windows XP, the ransomware infection recurred. The cause turned out to be the infected coffee machine, which company staff had connected both to an isolated Wi-Fi network and to the local network of the dispatch center.