|Water Treatment therecord.media|
Ransomware gangs have silently hit three US water and wastewater treatment facilities this year, in 2021, the US government said in a joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA.
The attacks —which had been previously unreported— took place in March, July, and August and hit facilities in Nevada, Maine, and California, respectively.
The attacks led to the threat actors encrypting files, and in one case, even corrupting a computer used to control the SCADA industrial equipment deployed inside the treatment plant.
The three new incidents [see below] were listed as examples of what could happen when water treatment facilities ignore and fail to secure their computer networks.
- In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS [water and wastewater system] facility. The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message.
- In July 2021, cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. The treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.
- In March 2021, cyber actors used an unknown ransomware variant
against a Nevada-based WWS facility. The ransomware affected the
victim’s SCADA system and backup systems. The SCADA system provides
visibility and monitoring but is not a full industrial control system