The threat of ransomware attacks on the public utility sector is steadily increasing. Historically, these attacks have targeted credit cards and social security numbers sent over email. Lately, attackers are getting more innovative and are stealing from more sources as technology continues to advance[1].
According to the 2020 Microsoft Digital Defense Report, Microsoft blocked over 13 billion malicious and suspicious emails between January 2019 and October 2019. These blocked emails contained over one million malicious links that could have led to ransomware attacks on sensitive information[2].
This digital extortion tactic has successfully played on fear; ransomware attacks claim a new victim every 10 seconds[3]. It is important to know how to protect your utility and sensitive information before it is too late.
How Does Ransomware Impact Public Utilities?
As an official of a community-owned public utility, you must be aware of the impact ransomware attacks can have on the day-to-day responsibilities of critical infrastructure. With ever-growing changes in market conditions and the advancement of technology, public utilities are not exempt from the need to adapt to cloud computing and digital transformation[4]. This shift, however, presents the perfect opportunity for cybercriminals to attack your digital assets.
If a ransomware attack targets a public utility, the effects could be detrimental. If utilities do not take ransomware protection more seriously, it could lead to the public not having access to power, water, and critical infrastructure[5]. It is crucial that ransomware is discussed during business continuity planning and in the development of recovery plans, with a specific roadmap developed.
How Ransomware Is Evolving
Ransomware is not a “one-size-fits-all” attack; it is continually evolving based on the information the cybercriminal may desire. Cybercriminals follow current events to target their bait. Once you open an infected file or web page, there is no turning back[6].
The number of attacks has also increased notably over the years. In 2015, the United States saw an average of 1,000 daily attacks; this increased by 300% to 4,000 daily attacks in 2016[7]. In 2019, the average ransom demand was increasing as well; the average cost of a ransomware attack was $133,000, including the cost of the ransom, downtime, and remediation[8].
The evolution of ransomware attacks reminds us to act with caution and implement precautionary measures to avoid these attacks on sensitive and critical information.
Should You Pay The Ransom Demand?
This is the key and difficult question. Paying a ransom does not guarantee that you will receive all of your data. According to the 2021 Sophos State of Ransomware Study, organizations that paid the ransom fee only had 65% of their data returned[9]. However, payment may be the best choice given the circumstances.
There are recommended steps to take if and when you are attacked by ransomware. The first step in responding to any ransom demand should be to isolate the infected system immediately; it should be removed from the network to ensure that cybercriminals cannot access shared drives. Contact your local law enforcement. They could have access to decryption methods and procedures to assist you. It is important to change all passwords and network passwords after the system is removed from the network[10]. Next steps, remediation methods, and ransomware payments are very dependent on the circumstance.
Your Organization Could be Attacked
It is daunting to think that one day you could be on the receiving end of a ransomware attack. These attacks could lead to monetary losses, suspension of operations, and other difficult predicaments to deal with.
Below is a sample list of utility companies that have faced ransomware attacks:
- Centrais Eletricas Brasileiras (Eletrobras) – Largest Power Company in Latin America[11]
Eletrobras fell victim to a ransomware attack that led to stolen data being published online, including network logins and engineering plans. This attack forced them to shut down operations and services provided to clients.
The attackers stole over 1,000GB of data, including personally identifiable information of management and customers.
- Lansing Board of Water and Light, Michigan[12]
This ransomware attack left staff members locked out of their computers and affected the Lansing Board of Water and Light’s enterprise system. Thankfully, the cybercriminals did not get into information regarding the supply of electricity and water, leaving service to clients uninterrupted.
This attack occurred after an employee opened an email with a malicious attachment – this action caused the ransomware to spread throughout the network. Lansing immediately shut down their systems to lessen the spread.
- Colonial Pipeline, Georgia (Pipeline Runs from Texas to New Jersey)
The ransomware attack on the Colonial Pipeline took place in May of 2021 and resulted in the closure of the 5,500-mile pipeline system. This attack left thousands of gas stations in the Southeast US without fuel. According to Reuters, this is the most disruptive cyberattack on record[13].
The attackers took nearly 100GB of data out of the network in 2 hours. The company paid the ransom fee of approximately $5 million in cryptocurrency, which means the recipient is unknown. However, the FBI was able to confirm the source of the 6-day outage[14].
What Measures Can You Take To Help Protect Customer Data?
While it may be difficult to fully protect your company from these attacks, there are precautionary measures that can be taken to lessen their severity. Good cyber hygiene should be adopted, including the following practices:
- Anti-Phishing Tools—The use of a tool and service to prevent phishing attacks should be the first line of defense. This will eliminate the delivery of ransomware attacks to your inbox and therefore lessen the risk.
- Education and Training—Proper education is the baseline of preventing these attacks. Educating your workforce on how to detect potential ransomware attacks can reduce the risk.
- Patch Management—Patch Assessments and Patch Management can correct any errors or vulnerabilities in your software and “patch” the holes.
- Vulnerability Assessments—Provides a systematic review of vulnerabilities within a company, and necessary mitigation steps.
- Penetration Testing—Emulates a cybersecurity attack to determine and examine the weaknesses of the targeted system.
- Back Up Key Data Regularly—With up-to-date backups you can greatly lessen the impact of ransomware demands. It is important to always have data backed up and regularly tested.
- Ransomware Response Plan—Develop a cross-functional plan that includes clear roles and responsibilities and a process for remediation.
Free Cybersecurity Consultation From Acumen
This article was written for Hometown Connections, Inc., by Acumen. A consulting services partner of Hometown Connections, Acumen provides a holistic approach to cyber risk management and is fully equipped with proven risk-based practices to assess cyber environments and identify exposures across the “three legs of the cyber stool” (Governance & Process-People-Technology).
Acumen would be pleased to discuss your specific requirements and their services with you. Acumen is offering a no-charge consultation with one of their cybersecurity specialists. To arrange your free consultation, send an email to info@hometownconnections.com.
Turn Security Into A Strategy
Hometown Connections, Acumen, and Marsh USA offer comprehensive cyber, physical, and environmental security consulting and risk management solutions. Send your inquiry to info@hometownconnections.com to learn how we can help your organization address today’s urgent security challenges.
Article Sources
1. The Growing Threat of Data Breaches
2. Ransomware Facts and Trends That Dominated 2020
3. Global Surges in Ransomware Attacks
4. A Sector Under Siege: How the Utilities Industry Can Win the War Against Ransomware
5. Utilities Face Growing Ransomware Threat As Hackers Improve Strategy, Execution
6. Security Essentials: Ransomware and Energy and Utilities
7. How to Protect Your Networks from Ransomware: Technical Guidance Document (justice.gov)
8. 2021 Ransomware Statistics, Data, & Trends | PurpleSec
9. The State of Ransomware 2021
10. How to Protect Your Networks from Ransomware: Technical Guidance Document (justice.gov)
11. Ransomware Attacks Hit Major Utilities | Threatpost
12. Utility Provider in Michigan Hit by Ransomware Attack – Security News (trendmicro.com)
13. U.S. Announces New Cybersecurity Requirements for Critical Pipeline Owners | Reuters
14. What We Know About the Colonial Pipeline Shutdown: Updates (nymag.com)