The computer network of a water and electricity supplier in the State of Michigan in the United States was taken down for a week following a cyber attack.
A hacker whose identity remains unknown infected the computer networks of the Lansing Board of Water & Light (BWL) using malware whose technical specifications have not been disclosed.
On the morning of April 25, BWL detected the malware and immediately shut down its computer networks in order to prevent it from spreading. The program appears to be ransomware: malicious software encrypting the data of an owner from whom a ransom is then demanded in exchange for the key to decrypt the data. Electricity and water distribution networks were in fact spared in the attack.
A simple phishing email caused the outage
BWL had to shut down its servers, including telephone, for a week. The company has ensured that this shut down of its computer networks will only result in a delay in billing for its customers. Since credit card data is processed by an external company, this data is safe.
The company refused to provide more detail about the hackers’ demands and how it has secured its computer network. Lacking further information, it would appear that BWL was swept up in a massive and indiscriminate infection campaign. The company acknowledged that an employee inadvertently opened an infected attachment in an email. It is very likely that this email was sent to thousands of potential victims.
Ransomware attacks rapidly increasing according to the FBI
This attack comes amid increasing ransomware attacks against public institutions, in particular in February against the California-based Hollywood Presbyterian Hospital.
This proliferation of attacks prompted the FBI to issue a report on April 29 stressing the need for all public and private organizations to protect themselves against this risk. The FBI called in particular for increasing staff awareness and having business continuity plans in place as soon as possible (regular backup procedures for data on servers that are not connected to the computers to be protected) to respond to attacks that will increase in 2016.