The Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations across the U.S. critical infrastructure sectors to a recent ransomware attack that impacted a natural gas compression facility.
The attack affected control and communication assets on the operational technology (OT) network of the pipeline facility.
The attacker used a spearphishing link to gain initial access to the organization's information technology (IT) network before pivoting to its OT network.
Once inside, the attackers deployed a ransomware payload that encrypted data on both the IT and OT networks, causing a "loss of availability" of human-machine interfaces (HMIs), polling servers, and data historians.
Because of the encryption, the affected IT and OT assets could no longer read and aggregate the real-time operational data reported by low-level OT devices, which led to a partial loss of view for human operators.
The attack did not affect any programmable logic controllers (PLCs) on the impacted networks, because the malware only infected Windows-based devices, and the organization did not lose control of operations at any time during the incident.
CISA's alert offers planning and operational, technical, and architectural mitigations to help organizations across all industry sectors reduce the risk and impact of a ransomware attack.
The victim was able to obtain replacement equipment and load last known good configurations, which made recovery easier.
CISA confirms that the attackers were never able to control or manipulate operations, even though the victim had not implemented robust segmentation between the IT and OT networks, which is what allowed the adversary to pivot from one network to the other.
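The segmentation failure above is the architectural point of the alert, and it can be made concrete with a small policy model. The following is an added example and is not code from the CISA alert, the article, or the victim organization; the subnets, host addresses, jump-host address, and protocol ports are assumed for illustration. It evaluates the same lateral-movement flow (a phished IT workstation reaching an OT HMI over SMB or RDP) against a flat network and against a segmented policy in which IT can reach only a DMZ jump host and only the DMZ can reach OT.

```python
"""Added example (not from the CISA alert or the article): a first-match zone
policy checker showing why a flat IT/OT network lets ransomware on a Windows
host reach OT assets, and what a segmented policy looks like. All subnets,
hosts and ports below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # source CIDR
    dst: str             # destination CIDR
    ports: frozenset     # TCP destination ports; empty means any port


def evaluate(rules, src_ip, dst_ip, port):
    """First matching rule wins; anything unmatched is implicitly denied."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and (not r.ports or port in r.ports)):
            return r.action == "allow"
    return False


# Assumed addressing, not the victim's.
IT_ZONE = "10.10.0.0/16"    # corporate workstations (where the phish landed)
DMZ_ZONE = "10.20.0.0/24"   # jump host between IT and OT
OT_ZONE = "10.30.0.0/16"    # HMIs, polling servers, data historians
JUMP_HOST = "10.20.0.10/32"

# Weak setting: a flat network where everything can reach everything.
FLAT = [Rule("allow", "0.0.0.0/0", "0.0.0.0/0", frozenset())]

# Corrected setting: IT reaches only the jump host on RDP; only the DMZ reaches
# OT, and only on the industrial protocols the OT assets need (assumed Modbus/TCP
# and EtherNet/IP); direct IT<->OT traffic is denied in both directions.
SEGMENTED = [
    Rule("allow", IT_ZONE, JUMP_HOST, frozenset({3389})),
    Rule("allow", DMZ_ZONE, OT_ZONE, frozenset({502, 44818})),
    Rule("deny", IT_ZONE, OT_ZONE, frozenset()),
    Rule("deny", OT_ZONE, IT_ZONE, frozenset()),
]

# Ports commonly used for lateral movement from a compromised Windows host.
SMB, RDP = 445, 3389


def it_to_ot_exposure(rules, it_host="10.10.5.23", ot_hmi="10.30.1.50"):
    """Return the lateral-movement ports on which an IT host can reach an OT HMI."""
    return {p for p in (SMB, RDP) if evaluate(rules, it_host, ot_hmi, p)}


if __name__ == "__main__":
    print("flat network exposure:", sorted(it_to_ot_exposure(FLAT)))
    print("segmented exposure:  ", sorted(it_to_ot_exposure(SEGMENTED)))
```

Under the flat policy both SMB and RDP from the IT workstation reach the HMI, which is the path a Windows-only ransomware payload needs to spread from IT into OT; under the segmented policy neither does, while the operationally required DMZ-to-OT protocol traffic still passes. The deny rules in both directions matter: a one-way rule would still let a compromised OT host initiate connections back into IT.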
Although the ransomware attack directly affected only one control facility, geographically distinct compression facilities also had to halt operations because of pipeline transmission dependencies, resulting in a shutdown of the entire pipeline asset for about two days.