A water utility in the US state of North Carolina suffered a severe ransomware attack in the week after Hurricane Florence hit the East Coast of the U.S.
According to the Onslow Water and Sewer Authority (aka ONWASA) some internal systems were infected with the Emotet malware, but the regular water service was not impacted.
According to ONWASA, the infections would require several of the main databases to be completely recreated, fortunately, no customer information was compromised.
“We are in the middle of another disaster following Hurricane Florence and tropical storm Michael,” CEO Jeff Hudson said employees in a video posted on Facebook,
“With a very sophisticated attack they penetrated our defenses, just as they penetrated the city of Atlanta and Mecklenburg county.”
ONWASA CEO Jeffrey Hudson confirmed the ransomware attack began on October 4, the IT staff initially thought to have locked out the threat, however, on October 13 the malware started dropping the Ryuk ransomware into the infected systems.
“An ONWASA IT staff member was working was working at 3am and saw the attack,” ONWASA said.
“IT staff took immediate action to protect system resources by disconecting ONWASA from the internet, but the crypto-virus spread quickly along the network encrypting databases and files.”
Operators at the utility did not pay the ransom and opted out to recreate the infected systems.
“Ransom monies would be used to fund criminal, and perhaps terrorist activities in other countries,” ONWASA reasoned. “Furthermore, there is no expectation that payment of a ransom would forestall repeat attacks.”
The incident response had a significant impact on the operations of the utility in a critical moment, the aftermath of the Hurricane Florence.
ONWASA estimates it will take several weeks to rebuild all of the damaged systems, it will not possible for customers to pay the bill online and major delays will affect the service provided by the utility.
The effects of the Hurricane Florence on the Onslow county were important, schools are still closed and local authorities are still working to clean up debris from the massive storm. It has been estimated that costs to restore the ordinary situation will hit $125m.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.