Ransomware Attack On US Power Station

A major cyber attack has hit a US gas compression facility in Massachusetts, forcing it to shut it down for two days as it struggled to recover. The power station operator has refused to meet the attackers' financial demands.

The Reading Municipal Light Department (RMLD) was targeted by cyber-criminals hoping to extort money by encrypting data in the station's computer system. The station bosses hired an outside IT consultant to help them deal with the ransomware infection instead of paying for the return of their files.

According to records obtained by a local TV station 1 in 6 Massachusetts communities have been targeted by ransomware and at least 10 communities have used taxpayers' money to recover encrypted data. RMLD said that its IT team had been working tirelessly to identify and isolate the problem, which was believed to have been contained. Outside help was brought in to make doubly sure that all traces of the malware had been removed.

The attack started with a malicious link in a phishing email that allowed attackers to obtain initial access to the organisation’s information technology (IT) network and later pivot to the company’s OT network. It happened because the adversary was able to hop from the gas compression facility’s IT network onto the operational technology (OT) network when an employee mistakenly clicked on a malicious email link.

Eventually, both the IT and OT networks were infected with what the advisory described as “commodity ransomware.” The infection of the OT network caused engineers to lose access to several automated resources that read and aggregate real-time operational data from equipment inside the facility’s compression operations.

These resources included human machine interfaces, or HMIs, data historians, and polling servers. The loss of these resources resulted in a partial “loss of view” for engineers.

From their account @readinglight, the company posted: "RMLD’s website, http://rmld.com, is currently unavailable due to a widespread issue our vendor is experiencing. There is no ETA for a resolution at this time. This issue is affecting multiple city and town websites in MA. Updates will be shared as they become available."

Electricity services were not interrupted by the attack, and RMLD said that the grid remains secure. RMLD also said that there were no indications that customers' financial data had been compromised as a result of the attack. Information regarding customers' bank accounts and credit cards is stored in a separate system managed by third-party provider Invoice Cloud.

Online payments remained unaffected by the ransomware attack, as they are handled by Invoice Cloud. RMLD said that prompt payment discounts will be honored despite a potential delay in the carrying over of payments from Invoice Cloud to RMLD’s billing system.

Customer data that may have been exposed in the attack includes names, addresses, email addresses, and records of how much electricity an individual has accessed.

RMLD has not confirmed how the ransomware entered their computer system, nor has the electricity provider stated how much money was requested by the attackers.
   
The attack also had a knock-on effect. While the direct operational impact of the cyber-assault was limited to one control facility, geographically distinct compression facilities also had to halt operations because of pipeline transmission dependencies. This resulted in an operational shutdown of the entire pipeline for the two days.

As industries such as oil and gas become an increasing target for cyberattacks by nation state actors, it’s important that organisations work together to try to counter the threat.

Fortunately, the attackers in this compromise didn’t cause any physical damage but the incident is the latest wakeup call to warn of the potential of hacks that could. 

Forbes:     Popular Mechanics:       Ars Technica:       Infosecurity Magazine

You Might Also Read:

Electric Grids Targeted For Cyber Attacks:

 


 

« Mexico’s Economy Ministry Falls Under Attack
Why 5G Is Going To Quickly Replace 4G »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

Censornet

Censornet

Censornet's autonomous, integrated cloud security gives mid-market organisations the confidence and control of enterprise-grade cyber protection.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

DG Technology

DG Technology

DG Technology is a customer-centric technology expert and business consultant that delivers services and products to minimize your information security, compliance, and business risks.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

ThreatReady Resources

ThreatReady Resources

ThreatReady reduces an organization’s risk by delivering cyber security awareness training based on the latest, state-of-the-art learning science to effectively drive long-term cyber-safe behavior.

CACI International

CACI International

CACI is at the forefront of developing and delivering technological breakthroughs that transform and optimize government operations.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

ReachOut Technology

ReachOut Technology

ReachOut is a transformative approach to IT Security, Support, and Guidance. But we’re more than that. We’re passionate IT experts driven to make solutions to your problems.

Options Technology

Options Technology

Options is a global leader in financial technology, specialising in Capital Markets technology and enterprise-grade solutions.

Straiker

Straiker

Straiker's AI-native security platform is designed to protect enterprise AI applications and autonomous agents from evolving threats through automated assessment and runtime guardrails.

AFINE

AFINE

AFINE is a trusted advisor in the field of cybersecurity and pentesting.