Ransomware hackers targeted three US water facilities in 2021, cyber officials say

Hackers targeted three US water treatment facilities with ransomware over the last eight months, officials with the Cybersecurity and Infrastructure Security Agency (Cisa) said in a bulletin released on Thursday.

Cisa said the alert, titled “Ongoing Cyber Threats to US Water and Wastewater Systems,” was released as a result of analyses conducted in cooperation with the Federal Bureau of Investigation, Environmental Protection Agency, and National Security Agency, was meant to “highlight ongoing malicious cyber activity — by both known and unknown actors — targeting the information technology … and operational technology … networks, systems, and devices of US Water and Wastewater Systems (WWS) Sector facilities”.

“This activity — which includes attempts to compromise system integrity via unauthorized access — threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities,” Cisa said.

The bulletin noted that malicious actors have been using “spearphishing” — a technique which involves using forged emails to induce facility personnel to click on malicious links or execute malicious code, giving hackers access to protected systems, as well as exploiting vulnerabilities in older computer operating systems that have not been patched with up-to-date security fixes.

The most recent ransomware attack documented in the report was in August 2021, and targeted a California-based water treatment facility, and was discovered when three servers began displaying ransomware messages.

A month before, cyber actors targeted a Maine water treatment facility with ransomware, forcing the facility equipment to be run manually until its servers could be restored.

And in March 2021, hackers targeted a Nevada water facility’s servers, but were not able to gain control of any treatment equipment because the facility was not fully automated.

The Cisa alert comes just days after the Biden administration convened a multi-day meeting with 30 countries to kick off a “counter-ransomware initiative”.

In remarks to the initiative’s opening session, White House National Security Adviser Jake Sullivan said President Joe Biden has prioritised fighting ransomware with a number of administration initiatives, including a Department of Justice task force which targets ransomware gangs, and the administration’s Industrial Control System Cybersecurity Initiative,” which Mr Sullivan said has helped improve security at utilities serving more than 90 million residential customers across America.

“US Government agencies are pursuing an integrated effort to disrupt the ransomware ecosystem,” Mr Sullivan said. “We recognize the urgency of the ransomware threat, the need to protect our citizens and businesses from it, and the criticality of international cooperation to counter it”.