Ransomware gangs targeted multiple water facilities in the U.S. this year, a new government report claims. The news represents a frightening escalation in cybercrime—showing that hackers are increasingly willing to put people’s lives at risk for the sake of money.
A joint advisory, published Thursday by the Cybersecurity and Infrastructure Security Agency, the FBI, the NSA, and the Environmental Protection Agency, reveals three previously unknown incidents involving malware attacks on water systems throughout the country. Unbeknownst to the public, most of the incidents seem to have taken place over the past several months.
The incidents started in March, when an unnamed Nevada-based water plant was infected with an “unknown” ransomware variant, the report says. The malware affected the facility’s supervisory control and data acquisition system, or SCADA—the pivotal operational IT commonly used by large organizations to remotely monitor and manipulate industrial systems. The malware also affected the plant’s backups system.
Months later, in July, a similar incident occurred in Maine, where bad actors abused remote access tools to unleash ransomware on another facility’s SCADA. A month later, another incident—this time in California, where water plant staff discovered digital ransom notes on multiple severs. Similar incidents reportedly took place at plants in New Jersey and Kansas in 2020 and 2019, respectively, the report states.
These systems could have been compromised via a number of rudimentary security schemes or penetration techniques. Spear phishing of facility employees, targeting of “unsupported or outdated operating systems and software,” and exploitation of control systems equipped with vulnerable firmware are all avenues for entry, the report says.
Improper manipulation of operational technology in water systems could, in some cases, effectively poison a water supply. As example, an incident earlier this year in Oldsmar, Fla., saw an unknown hacker hijack the town’s water facility and drive up its sodium hydroxide content to poisonous levels. The incident was never fully explained.
Ransomware, which has existed for decades, has become an increasingly destructive force, both in the U.S. and around the globe. A virtual meeting held by the White House on Tuesday had senior officials from as many as 31 different countries come together to discuss the ransomware threat and what steps could be taken to advance an internationally coordinated approach to cracking down on it.
On Friday, the U.S. Treasury’s Financial Crimes Network, or FinCEN, also published a report showing the extent to which the ransomware industry has blossomed over the past several years, much of its growth apparently fueled by cryptocurrencies. According to the report, investigators uncovered some $5.2 billion worth of bitcoin payments that are “potentially tied” to ransomware operations. That’s a whole lot of malware.