US authorities talk about three ransomware attacks on water treatment plants

A security bulletin released this week by the FBI, NSA, CISA and EPA states that in 2021 hackers carried out ransomware attacks that targeted three American water treatment plants.

The previously unreported attacks reportedly occurred in March, July and August of this year and affected facilities in Nevada, Maine and California. In the course of these incidents, the attackers encrypted the victims' files, and in one case even damaged the computer used to control the industrial SCADA equipment that operated the treatment facilities.

  1. In March 2021, hackers used an unknown ransomware strain against WWS [water and wastewater] systems in Nevada. The attack affected the victim company's SCADA system and backup systems. Fortunately, the SCADA system was used only for visibility and monitoring and was not involved in process control (ICS).
  2. In July 2021, attackers gained remote access and deployed the ZuCaNo ransomware onto the SCADA computer of an unnamed WWS enterprise in Maine. The wastewater treatment plant operated in manual mode until the SCADA machine was rebuilt locally.
  3. In August 2021, cybercriminals used Ghost malware against a California-based WWS enterprise. The malware was in the system for about a month and was only discovered after three SCADA servers displayed ransom notes.

Law enforcement officials cite all three incidents as examples of what can happen when wastewater treatment plant operators ignore security requirements and fail to protect their computer networks.

At the same time, representatives of government agencies emphasize that, in general, they do not observe an increase in the number of attacks on water treatment plants and other water systems in the United States. But while attacks on other sectors are more common, water supply and sanitation systems are critical infrastructure and perform critical functions nationwide.

Thus, the authors of the bulletin conclude that the security of such facilities should correspond to the role they play.

Let me also remind you that we wrote that a DoS attack in the US caused a power station failure.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
