Yet Another Utility Company Falls Victim to Ransomware Attack



iStock-1145831937The latest ransomware attack on yet another utility company echos the warnings from last year’s report on utilities’ readiness for a cyberattack.

Just two weeks ago, Massachusetts utility company, Reading Municipal Light Dept (RMLD), announced on their website that they had become the victim of a ransomware attack. Calling it a “targeted” attack, RMLD becomes just one of many utility companies to be the focus of cyberattacks by eleven different cybercriminal organizations.

Utility companies are known to be plenty aware of the threats, and are thinking about attacks in terms of both Information Technology and Operational Technology. But, according to Siemens, only 42 percent of utility companies rated their cyber-readiness as “high”, casting doubt on whether they are truly ready. This gives cybercriminals the upper hand, as they are ready and willing to go on the attack.

In the case of RMLD, no operational systems were impacted, and the attack was isolated. But attacks like these can go completely wrong, taking entire operations down. With Operational technology being rated as 10-20 years old, the possibility of vulnerable endpoints, applications, and browsers is high.

Utility organizations need to both work quickly to update any and all network endpoints, even if managing operational technology. For example, hosting an older OS as a VM rather than as a physical endpoint could be one way to remediate the risk older environments pose.

In addition, educating users through Security Awareness Training keeps them from engaging with suspicious and potentially malicious emails and web content – a leading attack vector for ransomware today.

It appears that RMLD got off lightly, the next utility may not be so lucky.


Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful; taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network reading email, finding data troves and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

GoneNuclear-WEBINARJoin us for this webinar where, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/nuclear-ransomware

Subscribe To Our Blog


New call-to-action




Get the latest about social engineering

Subscribe to CyberheistNews