Water Treatment Plant Hit by Ransomware Attack

The Delano Waste Water Treatment Plant (WWTP) announced this morning that its computer systems that control the physical operation of the facility have been shutdown by a ransomware attack. The attackers, reportedly the same group that shutdown the operation of the Intershop Meat Plant last week, are demanding 1,000 bitcoin from the City of Delano to unlock the facility control systems. George Funderburke, the director of the Delano Water Maintenance Department (DWMD) told reporters at a brief news conference that both the Federal Bureau of Inquiry and the Environmental Process Protection Agency (EPPA) about the attack. “EPPA and ECS-CERT will be sending teams to help us get our plant back in operation,” Funderburke said; “We have about six hours of storage capacity available for incoming sewage, after that we will have to start discharging untreated sewage into the Flint River.” Jay Muir, spokesperson for the EPPA, told this reporter that the EPPA was sending an action team to Delano, but that it would probably be the ECS-CERT that would be the lead agency on the investigation. “The team we are sending are process engineering types,” Muir said; “They will be responsible for helping the WWTP operate as effectively as possible in a manual operating mode. They should arrive on site before it is necessary to start discharging untreated sewage.” The WWTP has only limited capacity to continue operation under manual conditions. The facility will continue to be discharging treated water through manual operations. A warning will be issued before any untreated sewage is discharged. Cities downstream of Delano have been warned that a sewage discharge may be required. The DWMD does not have funds available in their budget to pay the ransom. Mayor Arrington Carter has scheduled an emergency meeting of the Delano City Council for later this morning to see what actions the City will be taking. “The DWMD has had problems with cash flow since the COVID-19 epidemic hit last spring. They have had a much larger than normal non-payment rate on water bills for both household and commercial accounts. We have been using the City’s rainy day fund to supplement their accounts for the last two months, so we may have problems coming up with the money for the ransom.” Kate Libby, a spokesperson for Dragonfire Cyber, said that the Company has not yet been notified about this ransomware attack, but was working with the ECS-CERT on the investigation at the Intershop Meat Plant. “We have discovered that the source of that attack was a USB drive inserted into one of the PLC’s at the facility; it was apparently an insider attack.” Funderburke has asked residents and businesses in Delano to reduce their water use and waste generation while the City works to correct this problem. Commercial and industrial facilities with large volume discharges have been notified to stop those discharges as soon as possible. This does include the Intershop Meat Plant that just reopened yesterday. The Critical Infrastructure Security Operations Center (CI-SOC) would not comment on this attack. CAUTIONARY NOTE: This is a future news story –Future ICS Security NewsRead More