In-brief: A Michigan utility was knocked offline for much of last week following a ransomware infection that compromised the utility’s corporate network, but did not affect the delivery of water and electricity.
The Lansing Board of Water and Light (Lansing BWL) in Lansing, Michigan, said that it was the victim of a ransomware attack that was launched by way of a phishing attack, according to a message posted on the company’s Twitter account (@BWLComm) on the 25th.
The local utility reported that its systems were quickly restored and said, on Monday, that its customer service line had returned to “normal hours.” However, the incident is just the latest involving ransomware and critical infrastructure, following serial attacks on hospitals and medical facilities nationwide.
According to a FAQ published by the utility, the infection resulted in a “self imposed lockdown of all corporate systems.” That required the organization to shut down its accounting system, email service and phone lines, including a customer assistance line and the line for reporting outages.
With the advent of severe weather in the area, the utility quickly restored a number for reporting outages, but said, in a Twitter statement, that “no other reporting systems will function due to the cyber attack.” The utility’s operations were unaffected by the incident. However, a voice recording informed customers that regularly scheduled utility bills would be mailed 7-10 days late. BWL said customer and employee data, including credit card data, was not affected.
Lansing BWL is a municipally owned water and electric utility that provides drinking water, electricity, steam and related services to the Greater Lansing area in Michigan.
Ransomware infections often spread through malicious email attachments disguised to look like legitimate correspondence. Once ransomware has infected a single system inside a company network, it spreads by way of network shares to other vulnerable systems, infecting any files it can find and holding them for ransom.