According to the Onslow Water and Sewer Authority (aka ONWASA) some internal systems were infected with the Emotet malware, but the regular water service was not impacted.
According to ONWASA, the infections would require several of the main databases to be completely recreated, fortunately, no customer information was compromised.
“We are in the middle of another disaster following Hurricane Florence and tropical storm Michael,” CEO Jeff Hudson said employees in a video posted on Facebook,
“With a very sophisticated attack they penetrated our defenses, just as they penetrated the city of Atlanta and Mecklenburg county.”
ONWASA CEO Jeffrey Hudson confirmed the ransomware attack began on October 4, the IT staff initially thought to have locked out the threat, however, on October 13 the malware started dropping the Ryuk ransomware into the infected systems.
“An ONWASA IT staff member was working was working at 3am and saw the attack,” ONWASA said.
“IT staff took immediate action to protect system resources by disconecting ONWASA from the internet, but the crypto-virus spread quickly along the network encrypting databases and files.”
Operators at the utility did not pay the ransom and opted out to recreate the infected systems.
“Ransom monies would be used to fund criminal, and perhaps terrorist activities in other countries,” ONWASA reasoned. “Furthermore, there is no expectation that payment of a ransom would forestall repeat attacks.”
The incident response had a significant impact on the operations of the utility in a critical moment, the aftermath of the Hurricane Florence.
ONWASA estimates it will take several weeks to rebuild all of the damaged systems, it will not possible for customers to pay the bill online and major delays will affect the service provided by the utility.
The effects of the Hurricane Florence on the Onslow county were important, schools are still closed and local authorities are still working to clean up debris from the massive storm. It has been estimated that costs to restore the ordinary situation will hit $125m.
(Security Affairs – Hurricane Florence, ransomware)