BWL Electric and Water Utility shut down by ransomware

Pierluigi Paganini April 30, 2016

The Lansing Board of Water & Light (BWL) utility has had to shut down systems, phone lines in response to a ransomware-based attack.

The Lansing Board of Water & Light (BWL) utility has had to shut down systems, phone lines in response to a ransomware-based attack.

Another ransomware attack against a critical infrastructure is in the headlines, this time the dreaded malware has infected and shut down an electric and water utility.

Other critical infrastructures across the world were targeted by ransomware in the past months, including hospitals and water facilities.

This specific category of malware allows crooks to easily monetize their efforts, demanding a ransom to restore the encrypted data.

Everything is connected to the internet is potentially exposed to ransomware-based attacks.
Everything that is connected to the Internet, including medical devices and Internet of Things systems.

The American public utility Lansing Board of Water & Light (BWL) has confirmed that the systems of the company have been infected by a ransomware that caused the paralysis of the internal computers.

BWL ransomware
The plant was infected earlier this week, according to the Lansing State Journal a member of the internal staff opened a malicious email attachment.

“As the infection spread, it encrypted files on other computers and required Peffley and staff to find a way to fight a virus that he said is “brand spanking new.”” reported the Lansing State Journal.

Once the employee has opened the malicious attachment, the malware was dropped and executed on the company system and began encrypting the files.

“A cyberattack this week on BWL’s internal network forced the utility to shut down its accounting system and email service indefinitely for about 250 employees. It also forced the utility to shut down phone lines, including a customer assistance line that’s often used for account inquiries. Power and water shutoffs by the utility are also suspended until further notice.” continues the Lansing State Journal.

Operators at BWL in response to the incident shut down the internal network and suspend internal operations, including Power and water, email service, and accounting for the internal staff.

At the time I was writing there isn’t information of the type of malware that infected the systems at the BWL. The FBI has launched an investigation about the incident alongside with local law enforcement authorities. There is no news if the BWL paid the ransom to the crooks.

The company confirmed that the incident hasn’t exposed personal information belonging to its 96,000 customers.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Ransomware, BWL)

you might also like

leave a comment