Gas Pipeline Suffers Ransomware Attack

On February 18, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert detailing a ransomware attack suffered by a natural gas compression facility. The ransomware attack led to a two-day controlled shutdown of operations, causing significant loss of productivity and revenue.

As described in the alert, attackers infiltrated the IT network of the facility via a targeted spearphishing effort, in which specific staff were tricked by email into providing access credentials. Once in the network, the attackers deployed ransomware to encrypt data  and demanded payment to decrypt that data.

Cybersecurity situations were not considered in the facility’s emergency response plan. There was no segmentation between information and operational networks, and there was no staff training regarding phishing that could have prevented network access by criminal elements.
 
The facility was ultimately able to restore the affected data files from secure backups, and resumed operations shortly thereafter. The damage was limited in scope but significant losses were recorded at this and connected facilities.

ACA Guidance

This gas pipeline ransomware attack serves as a reminder to all critical infrastructure operators for the need for cybersecurity preparedness. ACA Aponix recommends taking actions, including those recommended by the CISA, to assess and secure infrastructure assets. Recommendations include:

How We Help

ACA Aponix offers the following solutions that can help critical infrastructure organizations and other firms enhance their cybersecurity.

• Threat intelligence, phishing testing and monitoring 

• Operational resilience and governance 

• Risk assessments and regulatory compliance testing services

If you have any questions, please contact Noah Fox at noah.fox@acaglobal.com.