A spokesperson from ONWASA (Onslow Water and Sewer Authority) believes that the recent ransomware attack on the utility might have been part of a planned attack. So far, the evidence does not suggest otherwise. The ransomware used in the attack has been identified as the notorious Ryuk ransomware.
The attack occurred on Saturday at about 3 a.m. Thankfully, an IT official from the utility managed to detect it. He instantly cut all the internet connections linked to the utility’s servers and PCs in the hope of removing the ransomware. Despite that professional’s quick response, the ransomware still managed to propagate across the company’s network, where it encrypted the company’s IT assets, mainly databases. The attack reached the utility’s main offices.
Security analysts have already likened the attack to the ransomware attacks on Georgia, Mecklenburg County, and Atlanta. According to an ONWASA official, the utility had bolstered its cyber defenses with anti-ransomware tools and firewalls.
The cybercriminals involved in the attack contacted ONWASA via email, which has led some people to believe that the hackers may reside in a foreign country. The email is similar to other ransom notes and carries the standard warning to pay money in exchange for ransomware removal and data access.
It is feared that the hackers may use the ransom money to fund terrorist activities. ONWASA has ruled out paying the ransom, as it does not want to engage with criminals and support their heinous crimes. Additionally, there is no guarantee that the ransomware will be removed after the payment is sent to the perpetrators. The FBI, which is assisting ONWASA in the aftermath of the breach, supported ONWASA’s stance and discouraged any payment to hackers.