Ransomware attack stops US gas pipeline operator for 2 days

The U.S. Department of Homeland Security reported that a ransomware attack caused problems for an unnamed gas pipeline operator: a natural gas compressor unit malfunctioned, leaving the operator paralyzed for two days. The report does not say exactly when the incident occurred, but the government warns other critical infrastructure operators not to forget about safety measures.

According to the Cybersecurity and Infrastructure Protection Agency, organized by the U.S. Department of Homeland Security (DHS CISA), the incident began when attackers used targeted phishing via e-mail to obtain initial access to the organization’s network and then moved on to its operational network (the network of workstations used to manage critical plant equipment and other manufacturing operations).

Having penetrated the operational network, the attackers deployed ransomware that encrypted the company’s data in both networks (to cause maximum damage), and then demanded a ransom. According to DHS CISA, the attack did not affect the programmable logic controllers themselves, which interact directly with the factory equipment. However, it disrupted the human-machine interfaces, archive data storage, a polling server, and other systems, so the human operators were effectively unable to interact normally with the equipment, including the compressor unit mentioned above.

As a result, the gas pipeline operator was forced to temporarily suspend operations as a precaution, although its emergency plan for a cyber attack did not require a mandatory shutdown. The downtime lasted about two days, after which operations resumed as usual.

Interestingly, just a few weeks ago, Dragos specialists published a report on the new EKANS (or Snake) ransomware, which was created specifically for attacks on industrial networks and the industrial control systems used by gas facilities and other critical infrastructure. To date, there is no evidence that it was EKANS that attacked the unnamed gas pipeline operator.
