Security

Insult to injury: Malware menace soaks water-logged utility ravaged by Hurricane Florence

Storm-savaged waterworks having to rebuild from scratch

By Shaun Nichols in San Francisco

A water company in the US state of North Carolina already dealing with the aftermath of Hurricane Florence will now have to juggle a complete database rebuild – thanks to a nasty ransomware infection.

The Onslow Water and Sewer Authority (aka ONWASA) says it will have to completely restore a number of its internal systems thanks to an outbreak of Emotet, a strain of ransomware that has been menacing a number of school and government networks in recent months.

In this case, ONWASA CEO Jeffrey Hudson said on Monday the infection had spread through much of its network and would require several of its main databases to be completely rebuilt. No customer information was compromised, however, and the utility says regular water service is not going to be impacted.

ONWASA said that the attack began on October 4 when Emotet was first spotted on the utility's network. IT staff thought they had contained the initial infection, only to see a second attack kick off in the wee hours of Saturday, October 13.

"An ONWASA IT staff member was working at 3am and saw the attack," ONWASA said.

"IT staff took immediate action to protect system resources by disconnecting ONWASA from the internet, but the crypto-virus spread quickly along the network encrypting databases and files."

Rather than pay the malware's ransom fee, the utility said it will be simply wiping and rebuilding databases on the scrambled systems.

"Ransom monies would be used to fund criminal, and perhaps terrorist activities in other countries," ONWASA reasoned. "Furthermore, there is no expectation that payment of a ransom would forestall repeat attacks."

Indeed, there is not even a guarantee that paying will stop the current attack, and experts recommend companies opt to restore from backups rather than cave in to ransomware demands.

The infection will, however, be an exhausting new task for the utility company operating in one of the areas hardest hit by Hurricane Florence last month.

In Onslow County, schools have yet to open and local governments are still working with FEMA to clean up debris from the massive storm, with costs expected to hit $125m.

ONWASA estimates that, for the next several weeks as it restores all of the damaged systems and conducts day-to-day operations by hand in person, customers will see slower service and will have to make their bill payments by phone rather than online. ®
