NC Water Utility Fights Post-Hurricane Ransomware

  /     /     /  
Publicated : 23/11/2024   Category : security


NC Water Utility Fights Post-Hurricane Ransomware


North Carolinas Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.



The Onslow Water and Sewer Authority (ONWASA), a critical water utility based in North Carolina, is responding to a sophisticated ransomware attack in the aftermath of Hurricane Florence, the violent and powerful storm that battered the East Coast last month.
ONWASA reports the attack targeted its internal computer system, including servers and personal machines, leaving it with limited computer capabilities. Officials say customer data was not compromised and the areas environment and public water supply were both unharmed. However, they warn, many other databases must be fully re-created.
The incident started on Oct. 4, when ONWASA began detecting persistent attacks in the form of Emotet, a type of polymorphic malware. Emotet is known as an advanced
banking Trojan
that mainly works as a downloader for other banking Trojans. Its among the most expensive and destructive forms of malware to hit state and local governments, US-CERT
reports
.
ONWASA first believed the threat was under control; when it continued, the utility recruited external security experts to work on the problem alongside its internal IT staff.
The situation escalated in the early hours of Oct. 13, when the malware dropped Ryuk, a highly targeted ransomware strain that first appeared earlier this year. Ryuk, which has targeted global organizations, has relatively low technical capabilities but can spread major damage. Unlike most ransomware, which spread via spam, its exclusively used for tailored attacks.
In fact, its encryption scheme is intentionally built for small-scale operations, such that only crucial assets and resources are infected in each targeted network with its infection and distribution carried out manually by the attackers, Check Point researchers
explain
.
Fortunately, one of ONWASAs IT employees was working at 3 a.m. when Ryuk appeared. Staff immediately tried to protect systems by taking the organization offline, but the virus quickly spread, encrypting databases and files along the way.
ONWASA reports
its incident is similar in nature to cyberattacks affecting major cities, including
Atlanta
and Mecklenburg County, N.C.
The utility has heard from its attackers, who it says may be based in a foreign country. It also says their email was consistent with ransomware attacks on other governments and corporations. ONWASA will not negotiate with criminals nor bow to their demands, it says.
Instead, it will rebuild its databases and systems from the ground up. ONWASA is coordinating with the FBI, Department of Homeland Security, the State of North Carolina, and several cybersecurity companies to investigate the attack and move forward.
While it does, ONWASA says the lack of computing capabilities will affect the timeliness of service for several weeks. All plant and office locations will continue to operate manually. Customers can still pay via credit card over the phone or in person; however, things like service orders and account creation will use manual processes until computer systems are back up and running. Email service has been interrupted for most of the utility, it reports.
Related Content:
6 Reasons Why Employees Violate Security Policies
3 Out of 4 Employees Pose a Security Risk
4 Ways to Fight the Email Security Threat
Threat Hunters & Security Analysts: A Dynamic Duo
 
 
 
Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
 and
to register.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NC Water Utility Fights Post-Hurricane Ransomware