FBI Investigates Attack on Critical Water Utility

FBI Investigates Attack on Critical Water Utility

According to a media release from Onslow Water and Sewer Authority (ONWASA) issued on October 15, 2018, a critical water utility in North Carolina was targeted in a cyber-attack. Federal and state officials are now working with the water utility as part of the investigation into the attack on some of its computer systems.

“In the wake of the Hurricane Florence disaster…ONWASA’s internal computer system, including servers and personal computers, were subjected to what was characterized as 'a sophisticated ransomware attack,' wrote Jeffrey Hudson, CEO, ONWASA.

Hudson also reported that no customer information was compromised. In addition to the FBI, the Department of Homeland Security and the state of North Carolina were also called in to assist.

According to Hudson, the water utility was targeted with virus attacks from a malware system on October 4. While he believed the virus was brought under control, the problem persisted, so external security experts were called in to work with ONWASA IT staff. A sophisticated malware virus, dubbed RYUK, was then launched on October 13.

In the aftermath of the attack, ONWASA received an email from the attackers, who are believed to be based in another country, according to Hudson. “The email is consistent with ransomware attacks of other governments and corporations…ONWASA will not negotiate with criminals nor bow to their demands. The FBI agrees that ransoms should not be paid,” he wrote.

As such, this ransomware attack will require that ONWASA rebuild several of its databases.

"As most ransomware is delivered through malicious email links, educating users on the danger of clicking on links from even trusted email sources can prevent many ransomware infections to begin with,” said Adam Laub, senior VP, product marketing, STEALTHbits Technologies Inc.

"Reducing end user access to file data, in particular, is also an effective mitigation technique because ransomware and other malware often relies on the access rights of the user who’s been compromised.  If they don’t have access privileges, then neither does the malware. Finally, backing up data – at least the data you really care about – can make even a successful ransomware attack a nonissue, relatively speaking."

Source: Information Security Magazine