When ransomware hit a biomanufacturing facility this spring, something didn’t sit right with the response team. The attackers left only a halfhearted ransom note, and didn’t seem all that interested in actually collecting a payment. Then there was the malware they had used: a shockingly sophisticated strain dubbed Tardigrade.
As the researchers at biomedical and cybersecurity firm BioBright dug further, they discovered that Tardigrade did more than simply lock down computers throughout the facility. The found that the malware could adapt to its environment, conceal itself, and even operate autonomously when cut off from its command and control server. This was something new.
Today the cybersecurity nonprofit Bioeconomy Information Sharing and Analysis Center, or BIO-ISAC, of which BioBright is a member, is publicly disclosing findings about Tardigrade. While they’re not making an attribution about who developed the malware, they say its sophistication and other digital forensic clues indicate a well-funded and motivated “advanced persistent threat” group. What’s more, they say, the malware is “actively spreading” in the biomanufacturing industry.