Hackers used a spear-phishing campaign to successfully target an undisclosed natural gas compression facility here in the US, leading to a two-day closure.
Their network and data were encrypted with ransomware, which essentially shut down the company’s control and communication abilities.
While CISA did not provide many details about the virus involved, it appears that the powering down of operations was purposeful, so they could restore their backups. It is unknown if a ransom was paid; hopefully not, considering they did have backups at the ready.
Distressing Trend
Attacks on the energy sector are increasing. In fact, less than two weeks before this occurrence, the security firm Dragos, reported a new ransomware called Ekans (Snake backwards), which is seemingly designed just for this sector! Additionally, the U.S. National Counterintelligence and Security Center announced earlier this month that protecting the infrastructure of the energy sector is a top national security concern.
Which is why CISA is releasing details about this latest known attack. The energy sector needs to take note and plan for a cyberattack as if one is inevitable.
Getting Prepared
CISA advises all organizations should take the following precautions sooner rather than later:
- Create an Emergency Response plan and fail-over systems
- Train employees not only what to do in an emergency, but also how to spot threats
- Segment networks, which will help stop the spread of the virus if attacked
- Implement:
- Multi-factor authentication
- Regular backups
- Update software ASAP
- Strong spam filters
Impact of Ransomware
Even though the unnamed natural gas company was somewhat prepared, it appears there where major gaps in their cybersecurity. It did not close down the facility for good, but it did:
- Cause them to lose the ability to access real-time data
- Compromise Windows-based devices
What does this mean for your business?
Are you unsure of just how secure your cybersecurity measures are? Schedule a free consultation now, or call us at 919-422-2607 for any questions you might have.