Water plants on US soil revealed that they experienced multiple ransomware attacks

November 4, 2021

In a recent joint advisory, US government agencies said that US Water and Wastewater Systems (WWS) facilities had been infiltrated multiple times via ransomware attacks over the past two years.

The government added that the WWS sector is currently experiencing malicious activity that could result in a ransomware attack, which may affect facilities' ability to provide the necessary water supply in their territory.

Furthermore, the WWS sector is one of the 16 US critical infrastructure sectors that, if compromised and incapacitated through spear-phishing and software exploitation, can have an impact on the economy, national security, public health, and public safety.

 

What are the ransomware attacks detected by the US government?

Ransomware was used in the attacks that affected the water sector in the US. The ransomware used was identified as Ghost, Makop, and ZuCaNo.

The first strain was detected in August of this year. A ransomware group used the Ghost ransomware variant against a WWS facility based in California. The variant lingered inside the system for a month and was only discovered when the supervisory control servers displayed a ransomware message.

The next ransomware variant was detected in July 2021. The cybercriminals used ZuCaNo ransomware, controlled remotely, to infiltrate the wastewater SCADA computer of a Maine-based WWS facility. Its system was restored using manually operated local control.

The third attack covered by the advisory happened in September of 2020. Personnel at a WWS facility in New Jersey discovered what was potentially Makop ransomware, which had compromised files across their system.

The most serious intrusion into a WWS plant's network was an attempt to poison the drinking water back in March of 2019. That incident was a failed attempt by a former employee of a WWS facility in Kansas. After he resigned from the company, the employee tried to use credentials that had not been revoked for malicious purposes, but was unable to do so.

Although it is not included in the released advisory, an unidentified threat actor gained access to a water system in Florida in February of this year. The man tried to poison the state's drinking water by raising the levels of the chemicals used to purify the water to hazardous levels.

In conclusion, WWS facilities are urged to implement the measures described in the advisory to secure their systems against threat actors.
