For two days, a US-based natural gas facility was forced to shut down its operations after sustaining a ransomware infection. The infection started with a malicious link in a phishing email, which allowed attackers to pivot from the facility’s IT network to its OT network. The OT (Operational Technology) network is the hub of servers that control and monitor the facility’s physical processes. As a result, both the IT and the OT networks were infected with “commodity ransomware”.
Due to the attack, personnel were prevented from receiving crucial real-time operational data from control and communication equipment. Though the site was not identified to the public, it was said to be a natural gas-compression facility. Sites like these typically use turbines, motors and engines to compress natural gas so that it can move safely through pipelines. Since the infection didn’t spread to programmable logic controllers, the facility did not lose the ability to control or manipulate operations. Rather, the infection knocked out crucial control and communication gear that normally allows on-site employees to monitor the physical processes.
The ransomware attack serves as a reminder to always educate employees about cybersecurity. Teaching users not to engage with suspect or unusual emails is a solid first step to protect against ransomware and lower the risk of a successful attack.