The Department of Homeland Security CISA is warning critical infrastructure operators to redouble their security efforts after a natural gas compression facility was hit and shut down by a ransomware attack.
The attackers used a spearphishing email containing a link to gain access to the operator’s network and then moved laterally to the target’s operational technology (OT) network where ransomware was downloaded encrypting files on both networks. This resulted in a loss of availability on the OT network to include human machine interfaces, data historians, and polling servers.
“Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a partial Loss of View for human operators. The attack did not impact any programmable logic controllers and at no point did the victim lose control of operations,” CISA reported.
The victim did not have a cyberattack response plan in place, only one for protecting the facility against a physical attack, but did take the correct cybersecurity measure and shut down its operations for two days to handle the problem.
“This ..
Support the originator by clicking the read the rest link below.
