In the wake of the Hurricane Florence disaster, ONWASA (Onslow Water and Sewer Authority), a critical water utility has been attacked by cyber-criminals. ONWASA’S internal computer system, including servers and personal computers have been subjected to a sophisticated ransomware attack that has left the utility with limited computer capabilities.
Customer information was not compromised in the attack. However, many other databases must be recreated in their entirety. ONWASA is coordinating with the Federal Bureau of Investigation, the Department of Homeland Security, the State of North Carolina and several technology security companies.
The safety of the public’s water supply and the area’s environment is not in danger. The crisis is technological in nature.
On Oct. 4, 2018, ONWASA began experiencing persistent virus attacks from a virus known as EMOTET, a polymorphic malware. The virus was initially thought to be under control but when it persisted, ONWASA brought in outside server specialists. A specialist continued to work the problem with ONWASA Information Technology (IT) Staff.
In what may have been a timed event, the malware launched a sophisticated virus known as RYUK attack at 3 a.m. on Saturday, Oct. 13, 2018.
An ONWASA IT staff member at work at 3 a.m. saw the attack. IT staff took immediate action to protect system resources by disconnecting ONWASA from the internet, but the crypto-virus spread quickly along the network encrypting databases and files. The attack is similar in nature to those experienced by Atlanta, GA and Mecklenburg County, NC.
ONWASA had multiple layers of computer protection in place, including firewalls and malware/anti-virus software. The defenses of the computer systems at the main office were penetrated. ONWASA has received one email from the cyber-criminals, who may be based in a foreign county. The email is consistent with ransomware attacks of other governments and corporations.
Ransom monies would be used to fund criminal, and perhaps terrorist activities in other countries. Furthermore, there is no expectation that payment of a ransom would forestall repeat attacks. ONWASA will not negotiate with criminals nor bow to their demands. The FBI agrees that ransoms should not be paid. ONWASA will undertake the painstaking process of rebuilding its databases and computer systems from the ground up.
The lack of computing ability will affect the timeliness of service from ONWASA for several weeks to come. The utility will operate manually at all plant and office locations. Water and wastewater service to homes and business will not interrupted.
A team of local, state, and federal agencies are cooperating to restore the utility and bring the criminals to justice.