Georgia Institute of Technology

Research Horizons

Georgia Tech's Research Horizons Magazine


To highlight vulnerabilities, Georgia Tech researchers have developed a new form of ransomware that can take control of a simulated water treatment plant. Shown are Raheem Beyah, associate chair in the School of Electrical and Computer Engineering, and David Formby, a Georgia Tech Ph.D. student.

By John Toon

Cybersecurity researchers have developed a new form of ransomware that was able to take control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings.

The simulated attack was designed to highlight vulnerabilities in control systems used to operate industrial facilities such as manufacturing plants, water and wastewater treatment facilities, and building management systems. Believed to be the first to demonstrate ransomware compromise of real PLCs, the research was presented at the RSA Conference.

Though no ransomware attacks have been publicly reported on the process control components of real industrial control systems, such attacks have become a significant problem for patient data in hospitals and customer data in businesses. Attackers gain access to these systems and encrypt the data, demanding a ransom to provide the encryption key that allows the information to be used again.

“We are expecting ransomware to go one step further, beyond the customer data to compromise the control systems themselves,” said David Formby, a Ph.D. student in Georgia Tech’s School of Electrical and Computer Engineering. “That could allow attackers to hold hostage critical systems such as water treatment plants and manufacturing facilities. Compromising the PLCs in these systems is a next logical step for these attackers.”

Many industrial control systems lack strong security protocols, said Raheem Beyah, Motorola Foundation Professor and associate chair in the School of Electrical and Computer Engineering, and Formby’s faculty advisor. That’s likely because these systems largely haven’t been targeted by ransomware so far, and because their vulnerabilities may not be well understood by their operators.

Related: Simulated Ransomware Attack Shows Vulnerability of Industrial Controls, February 13, 2017


Media Contacts

John Toon

Director of Research News
Phone: 404.894.6986

Anne Wainscott-Sargent

Research News
Phone: 404-435-5784
