Every day, critical infrastructure around the world is attacked by cybercriminals and other destructive organizations, and no one is being spared. Even if you are already down for the count, you might be a target. And sometimes you become the target precisely because you are already down.

An example of what the Ryuk ransom demand message looks like. Source: CheckPoint

A recent example of that is when an ONWASA water utility facility in North Carolina, USA, was targeted by cybercriminals with a Ryuk ransomware attack. This water utility serves about 150 000 people who are currently suffering in the wake of Hurricane Florence, which hit the USA in September.

There are still many questions regarding who is behind the attack, as well as the real reasons behind it. It might be just another random ransomware attack, or it could be a targeted one. However, there are many commonalities between the Ryuk ransomware and the infamous HERMES ransomware that was used in the $60 million cyber heist against the Far Eastern International Bank (FEIB) in Taiwan in 2017. HERMES is commonly attributed to the North Korean Lazarus Group, and in the FEIB attack, it appears that HERMES was used as a diversion to draw attention away from the real attack. And based on what we can see, Ryuk has not been a very profitable ransomware attack. This also indicates that the ransom money was not the main driver behind the attack.

Luckily, the Ryuk attack against ONWASA hasn't had any significant impact on the fresh water supply, since they managed to contain it to the administrative network. But the corporate IT infrastructure needs to be rebuilt from the ground up.

Read the full ONWASA press release here

Sources:

https://www.onwasa.com/

https://www.csoonline.com/article/3314557/security/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html

https://www.bankinfosecurity.com/connecticut-city-pays-ransom-after-crypto-locking-attack-a-11631

https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

With over 15 years of experience in the ICT industry, and with 11 of those as a leader and trusted advisor within cybersecurity, Oskar Ehrnström drives business innovation and transformation within Tieto Security Services.