Security News > 2020 > February > Ransomware attack forces 2-day shutdown of natural gas pipeline

The US Department of Homeland Security on Tuesday said that an infection by an unidentified ransomware strain forced the shutdown of a natural-gas pipeline for two days.

The alert, issued by DHS's Cybersecurity and Infrastructure Security Agency, didn't say where the affected natural gas compression facility is located.

Why, in this day and age, when ransomware and other malware attacks are running amok, would cyberattacks have been left out of a utility company's emergency response plan? CISA said in its advisory that the victimized facility pointed to a gap in cybersecurity knowledge being a mitigating factor: it's at the heart of the facility's failure to "Adequately incorporate cybersecurity into emergency response planning."

Although we don't know which malware strain was involved in this week's advisory, Ars Technica notes that it comes two weeks after researchers from industrial cybersecurity firm Dragos reported that a ransomware strain known as EKANS had tampered with industrial control systems used by gas facilities and other critical infrastructure.

While all indications at present show a relatively primitive attack mechanism on control system networks, the specificity of processes listed in a static "Kill list" shows a level of intentionality previously absent from ransomware targeting the industrial space.

News URL

https://nakedsecurity.sophos.com/2020/02/20/ransomware-attack-forces-2-day-shutdown-of-natural-gas-pipeline/