
Ransomware shuts US gas compressor for 2 days

The hack is the latest in a string of attacks targeting the country's energy infrastructure over the past few years

This attack comes amid increased concern about whether ageing US energy facilities are equipped to ward off cyber attacks that could result in power failures and disruptions to oil and natural gas supply.

New York 

A RECENT ransomware attack caused a US natural gas compressor facility to shut for two days, the latest in a string of attacks targeting the country's energy infrastructure over the past few years.

Hackers sent e-mails with a malicious link to gain control of the facility's information technology system, the Department of Homeland Security (DHS) said on Tuesday in an alert.

The agency did not say which facility was targeted, when the attack occurred or who was behind it.

It appears likely that the attacker explored the facility's network to "identify critical assets" before executing the ransomware attack, said Nathan Brubaker, a senior manager at the cyber security firm FireEye.

This tactic, which has become increasingly popular among hackers, makes it "possible for the attacker to disable security processes that would normally be enough to detect known ransomware indicators", he said.

The DHS alert comes amid increased concern about whether ageing US energy facilities are equipped to ward off cyber attacks that could result in power failures and disruptions to oil and natural gas supply.

In 2018, the electronic systems of several pipeline companies, used to communicate with their customers, were shut down after being targeted by hackers.

Regulators have urged better oversight for pipeline cyber security, which is overseen by the Transportation Security Administration (TSA).

DHS announced in 2018 that it was working with the TSA and the Department of Energy on a pipeline cyber security initiative.

Operations at the latest facility to be attacked have been restored, said an official at the Department of Homeland Security's Cyber Security and Infrastructure Security Agency, who requested anonymity in speaking about the matter. He said the incident illustrated the risk that ransomware poses to industrial control systems.

Though the hackers did not gain control of the gas compression facility, the operator decided to perform a controlled shutdown after being unable to read and aggregate real-time operational data from certain devices.

While ransomware is usually designed to block access to a computer system until a sum of money is paid, the DHS notice did not specify what the hackers were demanding in the cyber attack.

The facility's emergency response plan did not specifically address the risk of cyber-attacks, DHS said. BLOOMBERG