Ransomware gangs have targeted at least three different water facilities in the United States this year, according to a new government report. The news, if true, represents a frightening escalation in cybercrime, showing that hackers are increasingly willing to put people’s lives at risk for money.
A joint advisory, released Thursday by the Cybersecurity and Infrastructure Security Agency, FBI, NSA and Environmental Protection Agency, reveals a number of previously unknown incidents involving malware attacks on water systems across the country. Unbeknownst to the public, most of the incidents have taken place in recent months, the advisory says.
The incidents began in March, when an unnamed Nevada-based water plant was infected with an “unknown” variant of ransomware, the report says. The malware affected the facility’s supervisory control and data acquisition system, or SCADA, the essential operational computing commonly used by large organizations to remotely monitor and manipulate industrial systems. The malware also affected the plant’s backup system.
Months later, in July, a similar incident occurred in Maine, where bad actors abused remote access tools to launch ransomware on another facility’s SCADA. A month later, another incident occurred, this time in California, where water plant staff discovered digital ransom notes on multiple servers. Similar incidents allegedly took place at factories in New Jersey and Kansas in 2020 and 2019, respectively, according to the report.
According to the report, these systems may have been compromised through a number of rudimentary security weaknesses or penetration techniques. Spearphishing facility workers, targeting “unsupported or outdated operating systems and software” and exploiting control systems with vulnerable firmware are all listed as entry routes.
Mishandling of operational technology in water supply systems could, in some cases, effectively poison a water supply. As an example, an incident earlier this year in Oldsmar, Florida, saw an unknown hacker hijack the city’s water facility and increase its sodium hydroxide content to toxic levels. The incident was never fully explained.
Ransomware, which has been around for decades, has become an increasingly destructive force, both in the United States and around the world. At a virtual meeting organized by the White House on Tuesday, senior officials from 31 different countries gathered to discuss the threat of ransomware and steps that could be taken to advance an internationally coordinated approach to tackle it.
The U.S. Treasury’s Financial Crimes Enforcement Network, or FinCEN, also published a report on Friday showing how the ransomware industry has flourished over the past few years, with much of its growth apparently fueled by cryptocurrencies. According to the report, investigators discovered some $5.2 billion in bitcoin payments that are “potentially linked” to ransomware operations. It’s a whole bunch of malware.