U.S. water, electric and gas utilities have faced an ongoing problem with hackers for years. These cyberattacks typically involve ransomware, which compromises data and computing systems until a company or utility pays a fee.
Aquify’s parent company, Exelon Corporation, is a Fortune 100 energy company with the largest number of electricity and natural gas customers and one of the largest competitive energy generators in the U.S.
Increase in Ransomware Attempts in 2020
Recently, a large metropolitan water utility (not an Aquify customer) was subject to an Egregor ransomware incident impacting over 100 workstations and multiple servers, including a backup server. By involving the backup server in the attack, the intent was to create further destruction and confusion in order to elicit a ransom payment.
Unfortunately, this latest incident is one of many in an increasing number of deployed ransomware tactics against utility sector organizations. In 2020, there have been 14 reported attempts as ransomware operators continue to develop deeper strategies for accessing utility networks.
How Water Utilities Can Take Action
The American Water Works Association (AWWA), in collaboration with the Water Information Sharing & Analysis Center (WaterISAC), recently provided its members with a comprehensive set of measures that can be followed to protect utilities from ransomware attacks.
In addition, the AWWA recently released this AWWA Connections article that includes supplemental resources for water utilities to proactively implement cybersecurity best practices.
Finally, with digital transformation in water utilities well underway, partnering with established companies that have depth and breath of cybersecurity experience is critical. Companies like Exelon are leading the way in adopting processes and technologies.