Onslow Water and Sewer Authority Suffered Ransomware Attack

Trend Micro EMOTET Summary

Source: ONWASA

A North Carolina water utility experienced a ransomware attack in October that it is only now disclosing.

The Onslow Water and Sewer Authority (ONWASA) had its computer system, including servers and personal computers, hit by a “sophisticated ransomware attack.”

The attack left the company rebuilding some databases, but it ultimately did not lose customer information. The FBI, the Department of Homeland Security and the state of North Carolina are all investigating the case.

The utility began experiencing attacks in the form of malware on Oct. 4. The virus, known as EMOTET, ended up encrypting several systems within the ONWASA system.

On Oct. 4, the utility began experiencing virus attacks from a malware system. When it persisted, ONWASA brought in outside security specialists.

At 3 a.m. on Oct. 13, the malware launched a sophisticated virus called RYUK, which seemed to be a uniquely timed event.

An IT staff member was working at the time and saw the attack and began disconnecting ONWASA from the internet. Additional staff reported to the office within 30 minutes. However, the virus spread quickly and began encrypting databases and files.

Despite having some defensive architecture, including firewalls and malware/antivirus software, the corporate systems were penetrated.

The hackers emailed the utility service but have not given the utility a ransom fee. However, the ONWASA board said at the time that it would not be paying criminals.

Instead of paying for access to their files, ONWASA will begin rebuilding its databases and computer systems from the ground up.

On Oct. 15, the following Monday morning, the utility service had one customer service computer available.

Water and wastewater service to homes and businesses was not interrupted.
