The third-largest electric and water utility in Michigan has shut down all its corporate IT systems while it attempts to clean up after a ransomware attack.
The Lansing Board of Water & Light (Lansing BWL) announced last Monday, 25 April, that it was hit by ransomware after a phishing attack.
[1/4] Today we were the victim of ransomware that came in through a phishing virus and infected our corporate networks.
— Lansing BWL (@BWLComm) April 25, 2016
Although Lansing BWL said there was no interruption in service, the utility entered a “self-imposed lockdown of all corporate systems,” which has so far lasted more than a week.
The utility’s IT systems, including administrative systems and online customer services, had to be taken offline – including the online system for reporting power outages (customers can call a toll-free number to report outages).
Customers should call 877-295-5001 or 517-342-1030 to report all outages. No other reporting systems will function due to the cyber attack.
— Lansing BWL (@BWLComm) April 26, 2016
In an FAQ shared via Twitter, Lansing BWL said no employee or customer data was stolen, and credit card information was “not involved” because it is stored and processed by a third party.
Here are responses to commonly asked questions we've received following the cyber incident that happened on 4/25. pic.twitter.com/W81KUjQnT1
— Lansing BWL (@BWLComm) May 2, 2016
The message tweeted out with the FAQ reads:
Early in the morning on Monday, April 25, the BWL became aware of a malware incident that affected BWL’s corporate network. As a precaution we immediately initiated a self-imposed lockdown of all corporate systems. The incident should have no impact on the delivery of your water and electricity. All of BWL’s utility operations are and remain fully functional.
BWL has retained licensed incident response experts with nationwide experience in addressing these types of incidents. In addition to their ongoing efforts to assist BWL in the review and evaluation of BWL’s IT systems, these experts are supporting the return of BWL’s administrative services to full functionality. We continue to cooperate with law enforcement’s ongoing investigation.
BWL and its experts will work continuously until they are satisfied that all systems are fully functional and validated with industry standard security protocols. BWL will keep its customers informed of all progress.
Lansing BWL said it is working with law enforcement as it investigates the attack, but the utility made no mention of how much the crooks demanded for ransom.
A hospital in California paid a ransom of 40 bitcoins (about $17,000) after it was hit by a ransomware attack in February that forced it to shut down all its computers and email for a week.
The hospital relied on fax machines and paper records to keep functioning.
Prevention is far better than a cure. If you’re worried about ransomware affecting your personal or business files or systems, check out our 8 tips for preventing ransomware.
Bryan
A single entity, delivering both water *and* power to your home… hrm.
After recovering from ransomware they’ll streamline both maintenance and billing when they combine outlets and faucets. Water and Light indeed.
mikemiller125
Did they not have backups? I mean…we had a ransomeware attack on a client on a legacy network still in place that encrypted half of the major file server it was mapped to last Friday. User was infected, didn’t report it at about 4 AM. I was called in to help my site support person at about 10 AM, when it was discovered. We had identified the source in about 30 minutes, took it offline, and restored TB of data from before the attack and the whole process was done by 4PM that day. There is an EASY way to cut the heart out of remains were and it is simple…backups. I’m the past 6 years, I have dealt with 2 attacks, first at a smaller company and this last time with a very very large enterprise and the solution was always the same. Ransomware is a real threat that can wreak havoc but it never keeps me up at night.