Ransomware Attack on Municipal Utility, BWL in Michigan hit with a new variant of ransomware and had to shut down many of its systems
For the second time in just more than three years, the Lansing Board of Water & Light (BWL) faces an emergency that limited its ability to serve customers. But unlike the 2013 ice storm that left 40% of the utility’s 96,000 customers without power for nearly two weeks, the city-owned utility is the victim of a crime that requires assistance from federal, state and local law enforcement agencies.
A ransomware attack on municipal utility this week on BWL’s internal network forced the utility to shut down its accounting system and email service indefinitely for about 250 employees. It also forced the utility to shut down phone lines, including a customer assistance line that’s often used for account inquiries. Power and water shutoffs by the utility are also suspended until further notice.
The cyberattack occurred about 5 a.m. Monday after a BWL employee opened an e-mail with an attachment that infected a computer in the internal network. As the infection spread, it encrypted files on other computers and required BWL and staff to find a way to fight a brand new virus.
The ransomware spread, encrypting files on other computers on the internal network. BWL shut down its accounting system, email service for 250 employees and “phone lines,” including the customer assistance line for account inquiries and the line for reporting outages. “Printers and other technology” were also affected.
BWL General Manager Dick Peffley described the “virus” as “brand spanking new,” which is why up-to-date antivirus software didn’t quarantine it. The utility company learned that only three antivirus solutions could even detect this variant of crypto-ransomware. It was a very sophisticated virus that blew right through a number of our security systems.”
Peffley also said, “In my time at the board of 40 years, I’ve never seen anything like it. Our time keeping, phones, computers, printers, everything that it takes to do the administrative work that the BWL does right now is shut down.”
At first BWL would not admit it was hit by ransomware, but later Peffley admitted the “virus” was ransomware. He declined to say what ransom was demanded allegedly because the Michigan State Police Crime Unit and the FBI were still investigating. BWL assured customers that “no personal information has been compromised.”
The FBI has issued a warning to businesses about the relentless wave of ransomware. The bulletin includes preventative tips, and an affirmation of the bureau’s stance that companies affected by crypto ransomware attacks in particular should not succumb to temptation and pay their attackers off. The warning comes at the same time as a Michigan utility continues to recover from an attack disclosed one week ago. Lansing Board of Water and Light posted a statement on its Facebook page this afternoon that it continues to investigate the attack, and that it has hired an incident response firm to handle recovery of its IT systems.