1 min read

US Gas Company Attacked with Ransomware

Silviu STAHIE

February 20, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
US Gas Company Attacked with Ransomware

Hackers have installed ransomware on systems of a natural gas compression facility in the United States, affecting the operational technology (OT) network, including human-machine interfaces (HMIs), data historians, and polling servers.

The Cybersecurity and Infrastructure Security Agency (CISA) offered details of the attack in an effort to inform other organizations about the danger of such intrustions and mitigation techniques.

In this case, a human served as the entry point for the hackers. Someone fell for a phishing email that contained a link that triggered the installation of malware. After the hackers had access to the network, infecting it with ransomware was easy.

While the attack on the natural gas compression facility could inflict a lot of damage, the hackers lacked access to programmable logic controllers (PLCs), so the company didn”t lose control of the actual operation.

This was one of the more fortunate cases, where the organization had quick access to backups, and restoration only took a couple of days.

“The victim”s existing emergency response plan focused on threats to physical safety and not cyber incidents,” says the advisory. “Although the plan called for a full emergency declaration and immediate shutdown, the victim judged the operational impact of the incident as less severe than those anticipated by the plan and decided to implement limited emergency response measures.”

Mitigation measures recommended by CISA include network segmentation, multi-factor authentication, data backups, specific Account Use Policies and Users Account control, spam filters, endpoint protection, disabling office macro scripts, and keeping software up to date. All of these are just the basic protections any company and organization should employ.

The CISA advisory doesn”t say what type of ransomware was used, how much ransom was requested, or name the hackers, but Ryuk and Sodinokibi have been used in the past on industrial systems.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read