A cyberattack, or more specifically a ransomware attack, paralyzed the information system of an American utility plant for an entire week. This is a first for this type of infrastructure, although identical malware had already struck a hospital in California last February. This modus operandi is inevitably on the rise, as its power to cause trouble has certainly proven effective.
The industrial target
The Lansing Board of Water & Light (BWL) is a municipal utility located in the state of Michigan that provides water and power to the entire region. It was launched in 1885 after citizens approved a large bond issue. These funds initially made it possible to build a system for providing drinking water and storing water for fire protection and then later for supplying electricity.
The events of the cyberattack
Everything went awry at the end of April with a simple phishing email. One of the company's employees seems to have mistakenly opened an email containing a malicious attachment. The ransomware spread throughout the company’s entire network and started encrypting files on all computers on the internal network. It infected the email service of 250 employees, the accounting system and even “printers and other technology”.
The consequences of this industrial cyberattack
The cyberattack forced the utility to shut down its computer servers and phone lines for a week, which, in the best-case scenario, may have resulted only in delayed customer billing. However, being forced to cut off the water supply would have proven much costlier. Luckily for Lansing, this was not the case. Although the most sensitive data, such as customer credit card numbers, was spared (because it is processed by a subcontractor), the attackers still might have succeeded in receiving a large ransom payment in exchange for restoring hijacked data.
The rise of ransomware
Ransomware, a member of the large overall family of malware, strikes by encrypting its target’s personal data, in effect taking it hostage. It then demands a sum of money from the target in exchange for the key to decrypt the data. This is an increasingly well-oiled practice according to BWL directors, who described it as “intelligent and brand-spanking new… a very sophisticated virus that blew right through a number of our security systems”. Increasingly well-oiled, yes, but also increasingly widespread: the proliferation of recorded attacks led the FBI to publish a report on April 29th which strongly encourages industrial companies to take the necessary measures to protect themselves from these types of attacks, as they are likely to grow exponentially in the near future.
This ransomware attack on the BWL is indicative of the recent evolution of cybercrime, which is growing stronger and less hesitant to take on large industrial infrastructures, as in the case of the German steel mill in 2014. Cybercrime is spreading and going pro; when it comes down to it, it is a highly profitable business. The age of all things digital only widens the attackers' room for maneuver. Therefore, companies must take this increasing threat seriously by implementing full-blown ICS cybersecurity projects.