Exploring Ransomware Attacks on Smart Inverters

The prevalence of ransomware threats has been rapidly increased, positioning them as a distinct malware form of cyberattacks. It is anticipated that financially motivated ransomware groups will increasingly focus their efforts on targeting critical power system infrastructures. Meanwhile, as traditional power grids keep progressing towards inverter-dominant smart grids and inverters are getting smarter (i.e., smart inverters) by incorporating real-time remote access and seamless firmware update. Therefore, the ransomware attackers may directly target smart inverters by coordinated malware attacks to manipulate critical power infrastructures leading to physical, financial, and societal disruption. This paper explores potential ransomware attacks on a commercial smart inverter and impacts on the overall inverter system. Firstly, two practical ransomware attack scenarios (remote access and physical access) are modeled by reverse engineering findings of the smart inverter and leveraging MITRE ATT&CK for ICS Matrix. Then, we conduct an assumed-breached penetration testing of the physical access ransomware attack scenario to demonstrate the current vulnerability and real impacts on the smart inverter system.