Ransomware attackers targeted water treatment plants: US security agencies

WION Web Team
WashingtonUpdated: Oct 17, 2021, 05:29 PM IST

The 'WannaCry' ransomware has affected India the worst among all Asian countries Photograph:(Reuters)

Story highlights

According to US security agencies, ransomware attackers targeted wastewater plants in California, Maine and Nevada this year.

After reports said a water treatment facility in Florida was targeted by ransomware earlier this year, US agencies reported wastewater plants were also targeted in California, Maine and Nevada this year.

The report was published jointly by the FBI, NSA, US cybersecurity and infrastructure security agency and the environmental protection agency.

"Malicious cyber actors used ghost variant ransomware against a California-based waster water facility," the joint advisory said.

The ransomware was reportedly "in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message", the report claimed.

"Cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based unit," it said. The US security agencies said an "unknown ransomware variant" attack had occurred at Nevada's wastewater system in March.

Last year officials at a New Jersey-based wastewater treatment facility had detected "Makop ransomware" had "compromised" files.

The report recommended a number of ways to detect and stop intended attacks including updating software due to increased use of remote operations amid the pandemic and implementing antivirus and antimalware programmes. 

The report also stated that the US government has a reward of up to $10 million on foreign government malicious activity against US infrastructure.

US treasury financial crimes enforcement network said, "If current trends continue, (reports) filed in 2021 are projected to have a higher ransomware-related transaction value than... filed in the previous 10 years combined."

According to the US treasury, $590 million in ransomware-related payments were reported to US authorities in the first half of the year showing the grave risk posed by ransomware.

(With inputs from Agencies)