NC Water Utility Recovering from Attack

Tuesday, November 13, 2018 @ 05:11 PM gHale

Just over one month after a ransomware attack hit a North Carolina water utility, few details have emerged.

The Onslow Water and Sewer Authority (ONWASA) had its internal computer system, including servers and personal computers, hit by a “sophisticated ransomware attack.”

RELATED STORIES
USB Drives Loaded with ICS-Based Malware
Russia Behind Triton Attack: Report
TUG: Safety System Attack ‘Slow Burn’
Lessons Learned One Year After Triton

While customer information did not suffer in the in the attack, other databases had to recreated, said Jeffrey Hudson, ONWASA chief executive. The FBI, the Department of Homeland Security and the state of North Carolina are all investigating the case.

Hudson said the utility began experiencing virus attacks from malware on Oct. 4 from a virus known at EMOTET, a polymorphic malware, which has a few short weeks after the region suffered from a devastating hit from Category 4 Hurricane Florence. He said it was believed the virus was brought under control, but security specialists were called when the problem persisted.

The end result was attackers encrypted several systems within the ONWASA system, Hudson said in a post.

Shelley Lynch, a public affairs officer for the FBI, said ONWASA is under investigation for a ransomware attack.

“In order to protect the integrity of the ongoing investigation, no additional information will be released,” Lynch said.

Attack Timeline
On Oct. 4, the utility began experiencing virus attacks from a malware system. When it persisted, ONWASA brought in outside security specialists, Hudson said.

At 3 a.m. on Oct. 13, the malware launched a sophisticated virus called RYUK during what Hudson said seemed to be a timed event.

An IT staff member was working at the time and saw the attack and began disconnecting ONWASA from the internet. Additional staff reported to the office within 30 minutes, Hudson said. However, the virus spread quickly and began encrypting databases and files.

ONWASA had multiple layers of computer protection in place, including firewalls and malware/antivirus software. However, the defenses of the system at the main office were penetrated.

The hackers emailed the utility service but have not given the utility a ransom fee, Hudson said. However, the ONWASA board said at the time, they would not be paying criminals.

“Do you bow your head meekly and say we will pay you and risk another attack or do you look them in the eye and say we’re Americans, we’re North Carolinians, we’ve survived hurricanes and by golly we’ll survive this too? That’s what we say. Do your best, we’ll come back from this. That’s what we’ll tell the cyber criminals and that’s what we’re telling the world,” Hudson said during a morning staff briefing after the attack that aired on Facebook Live.

Instead of paying for access to their files, ONWASA will begin rebuilding its databases and computer systems from the ground up.

On Oct. 15, the following Monday morning, the utility service had one customer service computer available.

Water and wastewater service to homes and businesses were not interrupted, according to the release.

Also in October, the city of West Haven, Connecticut, paid a $2,000 ransom to restore access to its computer system after a ransomware attack.

West Haven officials said they paid the money to anonymous attackers through the digital currency bitcoin to unlock 23 servers and restore access to city data.

The attack disabled servers early in the morning Oct. 17, and city officials said it was contained by 5:30 p.m. Wednesday.

Officials initially didn’t want to pay the ransom, but research showed it was the best course of action, said city attorney Lee Tiernan.

Protection Tips
Ransomware attacks are becoming a bigger issue within the industry where household brands like COSCO and FedEx, local governments from Atlanta to Alaska have fallen victim to the attacks. With ransomware attacks up by 229 percent in 2018, according to Sonic Wall, security teams need to pair the latest technologies with user education to protect against threats.

The following are some tips to help avoid a ranswomare attack:
1. Make sure you have a trusted antivirus or anti-malware software installed on all of your computers and mobile devices
2. Keep all wireless and personal account passwords safe, unique and managed with a password management tool
3. Backup files regularly to an external hard drive not connected to the Internet
4. Never open suspicious email attachments or links



Leave a Reply

You must be logged in to post a comment.