German Nuke Infected with Malware
Tuesday, May 3, 2016 @ 09:05 AM gHale
A nuclear power plant in Germany was found to be infected with computer viruses, but they appear not to have posed a threat to the facility’s operations, the station’s operator said last Tuesday.
The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RWE.
The viruses, which include W32.Ramnit and Conficker, were discovered at Gundremmingen’s B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, RWE said. The operating system was spared because it was not connected to the Internet.
Malware was also on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems. RWE said it increased cyber security measures as a result.
W32.Ramnit steals files from infected computers and targets Microsoft Windows software, according to the security firm Symantec. First discovered in 2010, it is distributed through data sticks, among other methods, and can give an attacker remote control over a system when there is a connection to the Internet.
Conficker has infected millions of Windows computers worldwide since it first came to light in 2008. It is able to spread through networks and by copying itself onto removable data drives, Symantec said.
RWE has informed Germany’s Federal Office for Information Security (BSI), which is working with IT specialists at the group to look into the incident.
The BSI was not immediately available for comment.
Because of the nature of systems at many utilities, these sorts of infections are not uncommon. The US Cyber Emergency Response Team (US-CERT) reported in 2013 that two US power plants had been discovered to have malware infections that entered systems via USB drives, requiring one plant to shut down some of its turbine systems while 10 computers associated with the turbine control system were scrubbed of malware.