Utility provider becomes a victim of ransomware

October is National Cyber Security Awareness Month, which aims to educate users on current threats and protection measures.

The spotlight on cybersecurity has gotten even brighter recently, as organizations observe National Cyber Security Awareness Month.

This year is the tenth anniversary of the initiative sponsored by the Department of Homeland Security, the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. The drive for cybersecurity awareness aims to engage the public and private sector to increase recognition of cybersecurity and provide education that will increase the resiliency of the nation’s cyber infrastructure.

Utility computer shutdown
Within the last few weeks, users have seen an increase in ransomware that locks down a system and demands payment for its restoration. During Cyber Security Awareness Month, service providers, technology experts and other entities are seeking to raise knowledge relating to this kind of threat, among others, and advise users to put certain protections in place, including system restore software. This kind of technology can help a user correct issues relating to ransomware.

Recently, the utility system in Clay Center, Kansas was a victim of cyber lock malware. The Clay Center Public Utilities computer system was infected with ransomware, causing a complete shut down. The infection was traced to hackers based in Russia who locked administrators out of the computer system and notified them that after receiving a $300 payment, the system would be restored. If payment was not sent, all files and content on the computer would be destroyed, including information relating to scheduling, budgeting and billing.

“They give you 100 hours to send them $300” said CCPU superintendent Bill Callaway.

The ransomware message was contained in an email from the utility department’s email provider, North Central Kansas Communications Net. Believing the email to be malignant and not a risk to the system, administrators opened it, only to be locked out of the computer.

In such a case, organizations can utilize system restore and recovery software to bring the system back to working order. Had CCPU used this kind of protection strategy, they would have been better protected against attacks of this kind.

Callaway said IT experts have been in communication with other victims in Indonesia, Europe, Germany and other areas of the world to gauge how they dealt with the cyber lock malware. Of those who paid the ransom, some did have their systems restored, however most lost a significant amount of data whether or not they sent money.

In order to prevent losing data through such an attack, individuals and organizations should protect their systems with system restore software, which brings workstations back to predetermined settings.

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.