After Hurricane, Ransomware Strikes North Carolina Water Utility

After Hurricane, Ransomware Strikes North Carolina Water Utility

The Onslow Water and Sewer Authority (ONWASA), a critical water utility in North Carolina, has revealed it has been the target of a cyber-attack involving ransomware.

In the aftermath of Hurricane Florence, the power utility has stressed that it will not cower to the ransom demand as both state and federal officials work with the authority to investigate the attack on its computer systems.

While no customer information was compromised, the FBI, the Department of Homeland Security (DHS) and the state of North Carolina are all assisting the utility in the investigation.

The attack began with malware viruses on October 4. Initially, it was presumed that the virus was quarantined but its persistence saw external security experts work with ONWASA IT staff to contain a sophisticated malware dubbed RYUK.  The ransomware spread despite an IT staff member present to contain the attack.

“IT staff took immediate action to protect system resources by disconnecting ONWASA from the internet, but the crypto-virus spread quickly along the network, encrypting databases and files,” the utility said.

ONWASA chief executive Jeffrey Hudson wrote:

In the wake of the Hurricane Florence disaster…ONWASA’s internal computer system, including servers and personal computers, were subjected to what was characterized as “a sophisticated ransomware attack.”

ONWASA soon received an email from attackers believed to be based in another country, with the extortion threat.

“The email is consistent with ransomware attacks of other governments and corporations…,” Hudson wrote. “ONWASA will not negotiate with criminals nor bow to their demands. The FBI agrees that ransoms should not be paid,” he wrote.”

The utility, which is responsible to deliver water to some 150,000 people, will have to deal with a number of processes including service orders, connections, account creations, development review, backflow program and even disconnections manually, as opposed to its dependency on computers. This will “affect the timelines of service(s) for several weeks to come,” the utility added.

Image credit: Pexels.