Water utility attacked by sophisticated timed malware


In the wake of the Hurricane Florence disaster, ONWASA, a critical water utility has been specifically targeted by cybercriminals.

ONWASA’s internal computer system, including servers and personal computers have been subjected to a sophisticated ransomware attack that has left the utility with limited computer capabilities.

Customer information was not compromised in the attack. However, many other databases must be recreated in their entirety.

The utility is coordinating with the Federal Bureau of Investigation, the Department of Homeland Security, the State of North Carolina and several technology security companies.

The crisis is technological in nature and the safety of the public’s water supply is not in any danger.

ONWASA has been experiencing persistent virus attacks from October 4. The virus is known as EMOTET, a polymorphic malware. The virus was initially thought to be under control, but when it persisted ONWASA brought in outside security specialists to work on the problem with IT staff.

At what may have been a timed event, the Malware launched a sophisticated virus known as RYUK at approximately 3am on Saturday 13 October.

An ONWASA IT staff member noticed the attack and took immediate action to protect system resources. The crypto-virus however, spread quickly along the network encrypting databases and files.

The attack is similar to in nature to those experienced by Atlanta, Georgia and Mecklenburg County, North Carolina.

ONSWASA had multiple layers of computer protection in place, including firewalls and malware/antivirus software. The defenses of the computers at the main office were penetrated.

ONWASA has received one email from the cybercriminals, who may be based in a foreign country.

Click here for the full press release.