US Natural Gas-Compression facility crippled after ransomware attack

Another day, another ransomware attack – This time, hackers have hit critical infrastructure of the government of the United States.


The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on Tuesday revealing that a natural gas facility in the country shut down its operations for two consecutive days after suffering a massive ransomware attack.


The malware prevented employees from receiving real-time operational data from crucial control and communication equipment, as per the CISA advisory. The agency didn't identify the facility, mentioning only that it was a natural gas-compression site, the operations of which usually involve using turbines, engines, and motors for safe transmission of gas through pipelines.

It all started with an infected link embedded in a phishing email. The attackers managed to infect the IT and OT networks of the facility with “commodity ransomware.” These units are responsible for handling operational technology servers and controls of the site’s physical processes.


According to CISA, the ransomware wasn’t a new strain equipped with ICS-specific functions but rather a common one used to infect Windows systems. The ransomware did impact human-machine interfaces, the OT network’s polling servers, and data historians.


The advisory explained that the infection was prevented from spreading to the facility’s programmable logic controllers, which are responsible for controlling compression equipment. Hence, the facility didn’t lose operational control and the attackers coul ..