SecureWorld News

The Stench of Ransomware: Cyberattacks Hit Two Sewage Plants

Written by Drew Todd | Tue | Aug 17, 2021 | 9:49 PM Z

Ransomware attacks do not discriminate when it comes to choosing a victim. If there is an opportunity, cybercriminals will find a way to take advantage, even if you are a small town with seemingly few resources to pay a ransom.

Earlier this year, two ransomware attacks targeted rural communities in Maine, specifically the sewage treatment facilities of two towns, according to the Associated Press.

Mount Desert was attacked in April 2021, while the city of Limestone was attacked on the Fourth of July. Local officials say that no money was paid and no customer data was compromised, but this is a perfect example why small communities need to be just as cautious as big cities when it comes to cybersecurity.

Jim Leighton, the Water and Sewer District Superintendent for Limestone, says the control computer was hit with the ransomware attack. The hackers were unable to cause any harm, but the computer shutdown did take out the alarms that would notify workers if the pumps overheat or the tanks overfill.

Despite the attack, Leighton says it might have worked out for the best:

"It was a bad thing for us but a good thing for the county. Everyone took notice and did things to their computers so they couldn't be hit."

He also mentions that the facility's old control computer, running Windows 7, was going to have to be replaced anyways.

A stinky situation was avoided indeed.

Ransomware attacks on critical infrastructure

As ransomware attacks have skyrocketed in the last year, so has the number of critical infrastructure entities targeted by these attacks.

We have seen attacks on water treatment systems where cybercriminals have hacked facilities to spike sodium hydroxide levels and try to poison the water supply of a city.

We have seen Russian hackers target one of the world's largest meat producers, JBS Foods, disrupting operations for multiple days and affecting the supply chain.

And perhaps the largest ransomware attack involving critical infrastructure was the Colonial Pipeline incident, where one of America's largest oil distributors had its operations disrupted for several days, affecting the supply and price of gas on the East Coast for weeks.

To stay up to date on everything cybersecurity related, follow the SecureWorld News page, check out upcoming Remote Sessions webcasts, and register for SecureWorld conferences this fall.