A Massachusetts utility company power station was attacked by ransomware recently, and the company refused to meet attackers' ransom payment demands. The Reading Municipal Light Department (RMLD) was targeted on 21 February 2020 by cyber-criminals trying to extort money by encrypting data in the station's computer system. Unfortunately for them, management opted to hire an outside cyber threat consultant to help them deal with the ransomware infection instead of paying for the return of their files. A spokesperson from RMLD stated that its IT team had been investigating the breach to identify and isolate the problem. The team reports it has made progress, may have contained the damage, and has ensured that all traces of the malware have been removed.
After attackers took down the provider’s website, RMLD management took to Twitter earlier to spread news of the ransomware attack. From their account @readinglight, the company posted: "RMLD’s website, http://rmld.com, is currently unavailable due to a widespread issue our vendor is experiencing. There is no ETA for a resolution at this time. This issue is affecting multiple city and town websites in MA. Updates will be shared as they become available."
A RMLD spokesperson subsequently confirmed electricity services were not interrupted by the attack and that the grid remained secure. RMLD management stated that there were no “indications” that customers' financial data had been compromised as a result of the attack. Information regarding customers' bank accounts and credit cards was stored in a separate system managed by third-party payment services provider Invoice Cloud. Unfortunately, some customer data may have been exposed in the attack. The exposed information included names, addresses, email addresses, and records of how much electricity an individual has accessed.
RMLD management has not confirmed how the ransomware entered their computer system or how much money was demanded by the attackers. According to records obtained by a local news outlet, 1 in 6 Massachusetts communities have been targeted by ransomware and at least 10 communities have used taxpayers' money to recover encrypted data.[1]
Cyber security analysts are tracking these ransomware attacks on small and medium businesses, municipalities and their local utilities that are not adequately protecting their networks. Beginning in 2017, Red Sky Alliance began following malware with the names of WannaCry, Petya, and NotPetya and notified their clients of the indicators of compromise to help protect their systems - a much-needed service.
In late 2018, additional malware appeared in the wild involving Emotet, which steals credentials to spread malware through a spam module and then uses Trickbot to infect a network. These combined malware attacks are even more difficult to combat, and they show that cybercriminals are getting better at their game.
Consider all the documents that governments and their local utilities handle daily. Phishing emails and documents with infected payloads are designed to fit into routine emails that all organizations handle. These can include sales bids, invoices, shipping documents, resumes, and reports; the list is endless. Of note, local governments and their local utilities have been targeted because they house personally identifiable information (PII) that is required for billing and proper electrical service to the public. This PII and payment information has much value for sale on the Deep and Dark Web. Governments have been slow to adopt new technologies and conduct proper patching of their existing networks to deter attacks by hackers and cyber criminals.
A strong company defense must include effective back-up procedures, employee training and daily cyber threat notifications. Cyber insurance is crucial and essential to help pay ransomware expenses. A ransomware attack can put a small to medium company out of business.
- Red Sky Alliance’s RedXray and RedXray-Plus services can provide your business with a daily cyber threat notification report, which covers nine (9) cyber threat categories, so threats can be mitigated before they become expensive problems. The service starts for about $500 a month. What RedXray offers is another layer of protection for businesses without having to connect to their networks. RedXray daily monitors the Deep and Dark web to provide intelligence leads to identify threats against your networks, supply chain or target companies/agencies. This is provided to you in a daily warning email or with RedXray-Plus which provides an easy dashboard to further investigate and block these threats. How easy is it to order? It can be ordered online in less than 3 minutes and all billing is made monthly by credit card by visiting https://wapacklabs.com/redxray.
- Red Sky Alliance/Wapack Labs Corporation can help your firm protect against these threats and is now offering Cyber Insurance coverage through Cysurance to help protect your organization and help with recovery expenses. Please feel free to contact us at sales@wapacklabs.com.
Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email feedback@wapacklabs.com
Website: https://www.wapacklabs.com/
LinkedIn: https://www.linkedin.com/company/wapacklabs/
Twitter: https://twitter.com/wapacklabs?lang=en
[1] https://www.infosecurity-magazine.com/news/ransomware-attack-at-us-power/