Ransomware Attack On US Power Station

A major cyber attack has hit a US gas compression facility in Massachusetts, forcing it to shut down for two days while it struggled to recover. The power station operator has refused to meet the attackers' financial demands.

The Reading Municipal Light Department (RMLD) was targeted by cyber-criminals hoping to extort money by encrypting data in the station's computer system. The station bosses hired an outside IT consultant to help them deal with the ransomware infection instead of paying for the return of their files.

According to records obtained by a local TV station, 1 in 6 Massachusetts communities have been targeted by ransomware and at least 10 communities have used taxpayers' money to recover encrypted data. RMLD said that its IT team had been working tirelessly to identify and isolate the problem, which was believed to have been contained. Outside help was brought in to make doubly sure that all traces of the malware had been removed.

The attack started when an employee mistakenly clicked a malicious link in a phishing email. That gave the attackers initial access to the organisation's information technology (IT) network, from which they were later able to pivot onto the facility's operational technology (OT) network.

Eventually, both the IT and OT networks were infected with what the advisory described as “commodity ransomware.” The infection of the OT network caused engineers to lose access to several automated resources that read and aggregate real-time operational data from equipment inside the facility’s compression operations.

These resources included human-machine interfaces (HMIs), data historians, and polling servers. The loss of these resources resulted in a partial "loss of view" for engineers.

From their account @readinglight, the company posted: "RMLD’s website, http://rmld.com, is currently unavailable due to a widespread issue our vendor is experiencing. There is no ETA for a resolution at this time. This issue is affecting multiple city and town websites in MA. Updates will be shared as they become available."

Electricity services were not interrupted by the attack, and RMLD said that the grid remains secure. RMLD also said that there were no indications that customers' financial data had been compromised as a result of the attack. Information regarding customers' bank accounts and credit cards is stored in a separate system managed by third-party provider Invoice Cloud.

Online payments remained unaffected by the ransomware attack, as they are handled by Invoice Cloud. RMLD said that prompt payment discounts will be honored despite a potential delay in the carrying over of payments from Invoice Cloud to RMLD’s billing system.

Customer data that may have been exposed in the attack includes names, addresses, email addresses, and records of how much electricity an individual has used.

RMLD has not confirmed how the ransomware entered their computer system, nor has the electricity provider stated how much money was requested by the attackers.
   
The attack also had a knock-on effect. While the direct operational impact of the cyber-assault was limited to one control facility, geographically distinct compression facilities also had to halt operations because of pipeline transmission dependencies. This resulted in an operational shutdown of the entire pipeline for the two days.

As industries such as oil and gas become an increasing target for cyberattacks by nation state actors, it’s important that organisations work together to try to counter the threat.

Fortunately, the attackers in this compromise did not cause any physical damage, but the incident is the latest wake-up call about the potential for attacks that could.

Sources: Forbes, Popular Mechanics, Ars Technica, Infosecurity Magazine
