A Recent Ransomware Attack Targeted Multiple Electric Utilities

A ransomware based on Black Basta attacked the Chicago-based electric energy company.

 


In an October ransomware attack, hackers stole data belonging to multiple electric utilities across the country from a US government contractor. The information was obtained by CNN from a memo that described the hack in detail. 

The federal government has closely monitored the incident as part of its ongoing effort to determine whether it will have any serious effects on the US energy sector. Private investigators have searched for stolen data on the dark web. In this regard, the North American grid regulator, through its cyberthreat sharing center, sent a memo to senior executives of power companies this month.

The previously unreported incident offers a glimpse into the complex procedures of what happens behind the scenes when critical US companies are attacked with ransomware. To assess the level of damage caused by this incident, lawyers and federal investigators quickly sprang into action. 

An attack has been reported on Sargent & Lundy, a Chicago-based company that has designed over 900 power stations and thousands of miles of power systems. A ransomware attack encrypts sensitive data related to stations and systems. 

In addition to handling nuclear issues, the company also works with the Departments of Defense, Energy, and other agencies to prevent terrorists from getting their hands on weapons of mass destruction and strengthen nuclear deterrence. 

Several people close to the investigation of the Sargent & Lundy hack have told CNN that the event was contained and properly resolved, and that it does not appear to have had a broader impact on other firms in the power sector.

The Electricity Information Sharing and Analysis Center tells us that there is no indication that the data stolen from Sargent & Lundy is on the dark web. The data includes "model files" and "transmission data" that the firm uses for utility projects and does not appear to have been accessed by anyone else. 

Nevertheless, security experts have long worried that contractors that work in the electric and nuclear power industries might dump schematics online as a means of launching follow-up physical or cyberattacks against their facilities. 

Several attacks involving physical assaults and vandalism, affecting electric utility customers in multiple states, have added urgency to these concerns. A Duke Energy substation near Moore County, North Carolina, was damaged by gunfire this month, which resulted in thousands of people losing electricity in the area. After a vandal damaged multiple substations in Washington County, hundreds of thousands of people lost power on Christmas Day.

Brenda Romero, the spokesperson for Sargent & Lundy, said in a statement to CNN that the company has fully recovered from the incident. The incident had a limited impact on its normal business operations. Romero added that the firm had notified law enforcement about the hack, which was made public on Friday.

Romero declined to answer further questions regarding the ransomware attack, including whether the hackers had attempted to extort Sargent & Lundy, because an investigation was still ongoing.

According to the Biden administration, companies should share information about such hacks with each other, as US officials are still trying to get a grip on the ransomware epidemic. There have been millions of dollars lost due to this breach of critical infrastructure.

A strain of ransomware known as Black Basta was used during the attack against Sargent & Lundy. According to two people familiar with the investigation, this strain was first detected early this year. Palo Alto Networks, a cybersecurity company, has reported scores of Black Basta attacks on its website since April. Hackers steal the data and use it as leverage to demand a ransom from their victims.

Known for its work on critical infrastructure projects across many sectors of the economy, Sargent & Lundy is one of several engineering firms that have served the needs of the industry for several years. Compared with a company that only makes software, this engineering work can be a challenge for U.S. cybersecurity officials to evaluate for its risk to supply chain security, because engineering work requires more scrutiny.

The federal government requires that electric utilities adhere to a set of cybersecurity standards that protect their systems against intrusions and hackers. Experts told CNN that companies that contract with these utilities to deliver services, such as Sargent & Lundy, are generally not held to the same security standards. Instead, they are subject to the contract's security requirements.