Ingersoll Rand
Stormus Ransomware
Manufacturing
~$5M-10M in losses, ~3% of data leaked publicly
Likely Spear Phishing or Supply Chain compromise
Weak Credentials, Lack of Segmentation
Network Cloaking, Passwordless Secure Access, and Segmentation
In March 2023, Ingersoll Rand, a major manufacturer of compressors and industrial tools, experienced a ransomware attack where attackers exfiltrated and leaked some stolen data.
The attack is believed to have used a general ransomware vector, exploiting zero-day vulnerabilities in a VPN system, but Stormus is also known for phishing and credential stuffing. This attack is notable for being quickly stopped and isolated, preventing it from spreading beyond the ~1TB of data exfiltrated.
BlastWave enforces separation between the sensitive IT data (which was exfiltrated) and the critical OT control network.
The Zero Trust architecture would prevent the ransomware from reaching the industrial control environment. At the same time, the IDM policy would have segmented the data servers, limiting the amount of exfiltrated data by confining the attacker to a smaller, specific data segment rather than granting broad lateral access.
Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.
BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.