A North Carolina water utility has been infected by ransomware in a breach the company says has forced customer-service functions offline and will require it to rebuild its computing infrastructure.
This follows the spread of the “polymorphic” EMOTET malware through the utility’s networks beginning Oct. 4th, according to the statement, in a pair of infections that overwhelmed the IT personnel. The attack has left the utility operating with very limited computer capabilities, with workers setting up accounts and fulfilling service orders manually.
“We experienced a catastrophic loss inside our computer network,” ONWASA CEO Jeffrey Hudson said in a video posted to the utility’s Facebook page.
Customer info wasn’t compromised, and the incident does not affect the safety of the water supply, the utility emphasized. Customer info is stored offsite in a vendor’s cloud computing system, the statement said.
The ransomware attack will not interrupt water and wastewater service to homes and businesses, ONWASA said. The utility serves roughly 150,000 people.
ONWASA said “cyber criminals” had carried out the attack on the utility’s servers and personal computers, and that the utility had received one email from the criminals, “who may in fact be based in a foreign country.” ONWASA vowed not to pay any ransom and instead to “undertake the painstaking process of rebuilding its databases and computer systems from the ground up.”
The utility is working with the FBI, the Department of Homeland Security, North Carolina state authorities, and several cybersecurity companies to respond to the ransomware infection, ONWASA said. An FBI spokesperson confirmed the federal bureau is investigating the incident.
The North Carolina utility said the incident is similar to another ransomware attack on official county computer systems in Mecklenburg County, North Carolina, last year. Officials in that case also opted not to pay the ransom, and to instead rebuild their computer networks.
ONWASA’s PR said that hackers had “specifically targeted” the utility in the wake of Hurricane Florence. Last month the storm tore through Jacksonville, a city of 80,000 near North Carolina’s Atlantic coast, pummeling a local high school.
As Florence made landfall, state officials had warned that cyber-criminals could try to exploit victims of the hurricane or those trying to aid the victims.