Malware Disrupts Business Operations at Michigan Public Utility

While water and power services were not impacted by the infection, administrative computers were shut down to prevent the spread of the malware.

The Lansing Board of Water & Light (BWL), a public utility serving Lansing, Mich., is currently cleaning up its administrative systems after an undisclosed number of computers were infected with ransomware.

While the attack, first detected on April 25, continues to impact BWL's administrative services, the non-profit municipal utility stressed in a statement posted to Twitter on May 2 that the cyber incident "should have no impact on the delivery of [customers'] water and electricity." Credit-card data appears not to have been put at risk by the compromise.

"We continue to work to restore our corporate email and other systems," the non-profit public utility said in a statement posted to Twitter on April 27. "Because this cyber-attack is an ongoing criminal investigation, the BWL has been advised by all law enforcement agencies to not disclose any additional details that would compromise the ongoing investigation and our ability to restore full functionality to our systems."

Reports of ransomware attacks on hospitals, utilities and other providers of critical services are on the rise, with cyber-criminals aiming to extort money from these organizations.

In February, a ransomware attack shut down medical record systems at Hollywood Presbyterian Medical Center, which reportedly resulted in service delays and postponed procedures at the health care facility. The hospital paid $17,000 to the criminals to obtain an encryption key to decrypt the data on its computers, according to administrators.

Because few companies talk about ransomware attacks, the trend in digital extortion continues to be mainly anecdotal. Yet, network security provider Radware has seen half again as many attacks in 2015 as the year before, Ben Desjardins, director of security solutions for the company, told eWEEK.

While such attacks have historically focused on small business and online gambling firms, critical infrastructure providers are an increasingly popular target, he said.

"These attacks, the reason they are getting more media attention, is because they strike a new level of fear," Desjardins said. "The loss of power or the impairment of delivery of health care are much more serious than, say, not being able to place a bet on a soccer match."

While ransomware has become a popular way to extort money, distributed denial-of-service attacks against businesses, especially those Web services that rely on the Internet as a revenue stream, have taken off as well, Desjardins said.

In the latest ransomware case, Lansing BWL announced it was the victim of an attack on April 25, using Twitter to issue a statement with few details.

"Today we were the victim of ransomware that came in through a phishing virus and infected our corporate networks," the company said in its Tweet. "We immediately instated a self-imposed lockdown to all our corporate networks to protect the system while developing a solution."

The utility claimed that the announcement was issued on the same day that the malware locked its computers. Lansing BWL is working with law enforcement and an unnamed incident response provider to investigate the attack, fully restore systems, and validate their security.

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...