Michigan Electricity Utility Down for a Week due to Ransomware

Following the news that a water and electricity authority in the US State of Michigan has needed a week to recover from a ransomware attack, Itsik Mantin, director of security research at Imperva and Mark James, Security Specialist at ESET commented below.

Itsik Mantin, Director of Security Research at Imperva:

What do utility services need to do to protect themselves as ransomware and cyber attacks are becoming an ever growing threat?

“Despite the controls on the perimeter and on endpoints, security officers should assume that the attacker will make it in, one way or another. Either by compromising a user’s endpoint or when the attacker is the user himself. Like most of the threats on the enterprise, ransomware attacks focus on the business critical data and can be effectively mitigated by having security controls protecting the places where the data is stored; databases, files or cloud applications, and over the applications through which it is accessed.”

The attack only hit enterprise systems, what could happen if ransomware hits other more critical areas?

“The nature of a ransomware attack, where attackers encrypt the victim’s data until they pay, is not a direct threat to critical infrastructure systems. Ransomware attacks are based on the ability of the attacker to halt-and-release the victim’s data, which is less likely in physical systems. The main risk ransomware presents for critical infrastructure systems is an accidental one. Ransomware tends to corrupt all the data it finds, both locally on the infected machine and everywhere else on the network, regardless of whether the data is a picture of the user from his last vacation or a configuration file used by a critical system.”

Any other comments?

“The transition we’re witnessing where ransomware perpetrators have moved from targeting individuals to enterprises is not very surprising. In the recent years ransomware has evolved into a smooth and highly efficient ecosystem ran by professionals and fulfilling the hacker’s most desired void – the path from infection to money.”

Mark James, Security Specialist at ESET:

What do utility services need to do to protect themselves as ransomware and cyber attacks are becoming an ever growing threat?

“It’s imperative, in this modern day of email born cyber warfare, to understand the current risks and attack methods that may hit the inbox of your entire staff if you want to stay safe. With ransomware being such a massive problem for any company, apart from the obvious solution of backups, it’s better to avoid the damage that malware can inflict in the first place with some good old fashioned user and staff education on clicking links.

With most ransomware entering your company by enticing your staff to click that phishing link or directed to an infected website the best defence is not doing so in the first place. Making sure you’re running a good regular updating internet security product will help to protect you if your users do happen to take the bait. Most good products will provide a good layer of defence for phishing attacks including notifying you if you’re trying to load a potential phishing website. Of course the usual advice of making sure you are using the latest operating systems to ensure your basic levels of security are as high as possible, still stands.”

The attack only hit enterprise systems, what could happen if ransomware hits other more critical areas?

“The potential damage of ransomware is huge. If the right files are encrypted then in theory anything could be ground to a halt. With the right levels of segregation and the correct backup and disaster recovery in place there’s no reason it can’t be either avoided or quickly recovered. As always it’s about forward planning, good security is no more than an insurance policy, you have to have it for when something starts to go wrong, and sooner or later something WILL go wrong.”