The Michigan Board of Water & Light (BWL) has suffered a ransomware attack. The BWL is a public electricity utility company, the third largest in the state of Michigan, serving the greater Lansing area.
The attack occurred on April 25th, affecting BWL's corporate systems. BWL announced the infection on Twitter:
[1/4] Today we were the victim of ransomware that came in through a phishing virus and infected our corporate networks. — Lansing BWL (@BWLComm) April 25, 2016
The company quickly locked down and, in a statement published on Twitter, was keen to point out, “this incident should have no impact on the delivery of your water and electricity.” The statement added that “based on everything we now know no credit card information was involved in the incident”, since payment information is all handled by third parties.
[3/4] We are working with local, state and federal law enforcement authorities. No utility functionality has been lost during the attack.
Law enforcement are currently investigating the incident, and BWL have brought in outside experts to further investigate the attack. Meanwhile, industry professionals wiped their brows, thankful that the attack was not something more vicious.
Ryan Kalember, senior vice president for strategy at Proofpoint, told SCMagazineUK.com that “If there is any good news here, it's that the ransomware appears to be a garden variety email attack, and not a new variant that affects SCADA or other industrial control systems. Nonetheless, the interruption to the BWL enterprise systems is an unfortunate reality of a ransomware infection. Not having access to critical information and properly functioning systems can increase emergency reaction time and put public safety at risk.”
Still, added Mark James, Security Specialist at ESET, “the potential damage of ransomware is huge. If the right files are encrypted then in theory anything could be ground to a halt. With the right levels of segregation and the correct backup and disaster recovery in place there's no reason it can't be either avoided or quickly recovered.”
BWL did not respond to SC in time for publication.