Ransomware shuts gas compressor for two days in latest attack | HT Tech

Ransomware shuts gas compressor for two days in latest attack

Hackers sent emails with a malicious link to gain control of the facility’s a natural gas compressor’s information technology system in the US.

By: CHRISTINE BUURMA
| Updated on: Feb 19 2020, 18:28 IST
Hackers take control of a natural gas compressor facility in the US.
Hackers take control of a natural gas compressor facility in the US. (Pixabay)
Hackers take control of a natural gas compressor facility in the US.
Hackers take control of a natural gas compressor facility in the US. (Pixabay)

A recent ransomware attack caused a U.S. natural gas compressor facility to shut for two days, the latest in a string of attacks targeting the country's energy infrastructure over the past few years.

Hackers sent emails with a malicious link to gain control of the facility's information technology system, the Department of Homeland Security said Tuesday in an alert. The agency didn't say which facility was targeted, when the attack occurred or who was behind it.

It appears likely that the attacker explored the facility's network to "identify critical assets" before executing the ransomware attack, according to Nathan Brubaker, a senior manager at the cybersecurity firm FireEye Inc. This tactic -- which has become increasingly popular among hackers -- makes it "possible for the attacker to disable security processes that would normally be enough to detect known ransomware indicators," he said.

The DHS alert comes amid increased concern about whether aging U.S. energy facilities are equipped to ward off cyber-attacks that could result in power failures and disruptions to oil and natural gas supply. In 2018, several pipeline companies saw their electronic systems for communicating with customers shut down after being targeted by hackers.

Regulators have urged better oversight for pipeline cybersecurity, which is overseen by the Transportation Security Administration. DHS announced in 2018 that it was working with the TSA and the Department of Energy on a pipeline cybersecurity initiative.

Operations at the facility have been restored, according to an official the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, who requested anonymity speaking about the matter. The official said the incident illustrates the risk that ransomware poses to industrial control systems.

Though the hackers didn't gain control of the gas compression facility, the operator decided to perform a controlled shutdown after being unable to read and aggregate real-time operational data from certain devices.

While ransomware is usually designed to block access to a computer system until a sum of money is paid, the DHS notice didn't specify what the hackers were demanding in the gas compressor cyber-attack. The facility's emergency response plan didn't specifically address the risk of cyber-attacks, DHS said.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 19 Feb, 18:28 IST
NEXT ARTICLE BEGINS