Water Facility AI Delivers Ransomware

The Critical Infrastructure Security Operations Center (CI-SOC) announced this morning that the ransomware attacks that took place at over 200 small to medium sized water treatment facilities across the United States yesterday were linked to a vulnerability in the Robotron VWS-AI software That cybersecurity software was introduced into many water treatment facilities after last month’s attack on the water treatment facility in Delano, GA. “We have not yet determined exactly what vulnerability was involved,” General Buck Turgidson, Director of the CI-SOC, told reporters this morning; “but all 200 facilities had recently installed the cybersecurity artificial intelligence tool; it is the only common factor in all of the attacks which took place simultaneously at 4:20 pm EDT yesterday.” A written statement from Robotron confirmed that the company was working with the CI-SOC on the problem. Treatment system control screens at all of the facilities turned red and showed the following in large black text: “VWS-Blendung  Your control systems have been encrypted  It will cost you 1 Bitcoin to get your water flowing again”. The current market for Bitcoin shows an exchange rate of about $57,000 for one Bitcoin. CI-SOC has confirmed that all of the affected facilities have been able to resume operations under manual controls. Turgidson told reporters that the manual operation is taking its toll on operators who are having to typically work double shifts to keep facilities operating. Water treatment units from the Army National Guard across the country are being mobilized by governors to help keep the water treatment facilities operational. Robotron is already scrambling to deal with the fall out over the BlockKopierenransomware attacks on its backup server product. Today’s announcement by CI-SOC has already sparked calls for a formal investigation of Robotron’s status as a major supplier of industrial control systems in the United States. Sen TJ Kong (R,GA) has asked ECS-CERT for a report on the vulnerability history of products from Robotron and how fast the company has responded with fixes to those vulnerabilities. Rep. Harvey Milk (D,CA) has called for a series of congressional hearings on the issue of control system cybersecurity. Rep Rebecca Pinter (D,MA) has asked the Speaker to establish a Select Committee on Cybersecurity. Robotron’s SVS AI was introduced to the market last summer, but sales were very slow. Targeted at smaller facilities, there was little funding available, and no major call for cybersecurity protection at these facilities. Just before the Delano attack, Robotron set up a low-cost software leasing program to get better market penetration. The chlorination incident at the Delano, GA facility established the need for low-cost automated security controls. CAUTIONARY NOTE: This is a future news story –Future ICS Security NewsRead More