Viruses and malware detected in German nuclear power plant computers

The Gundremmingen nuclear power plant located 120 km northwest of Munich, Germany has been infected with computer viruses and malware.

The station's operator said that the viruses appear not to have posed a threat to facility operations since it is isolated from the internet. RWE, the German utility that runs the plant, said the viruses include “W32.Ramnit” and “Conficker”. The viruses were discovered in the B unit of Gundremmingen in a computer system retrofitted in 2008 with data visualisation software used with equipment for moving nuclear fuel rods.

The W32.Ramnit worm spreads through removable drives and can steal login credentials. According to Symantec, “The worm also functions as a back door allowing a remote attacker to access the compromised computer.”

Conficker has infected millions of Windows computers around the world since 2008.

Malware was also found on 18 removable data drives, mostly in USB sticks and office computers that were separate from the plant's operating systems. Cyber-security measures were increased following the discovery.

RWE informed Germany's Federal Office for Information Security (BSI), which is now working with IT specialists at the group to look into the incident.

“In Gundremmingen nuclear power plant, so-called office-malware has been found under revision preparatory testing work in Block B,” said a statement released by the plant. “The incident has been classified in accordance with the German reporting criteria into the N (Normal) category. After the international scale for assessment of events (INES) is assigned to Level 0 (below the scale, zero or very low safety significance). A hazard to personnel, the environment or the system was not involved.”