Hackers Stole Data From Multiple Electric Utilities in Recent Ransomware Attack 16
Hackers stole data belonging to multiple electric utilities in an October ransomware attack on a US government contractor that handles critical infrastructure projects across the country, according to a memo describing the hack obtained by CNN. From the report: Federal officials have closely monitored the incident for any potential broader impact on the US power sector while private investigators have combed the dark web for the stolen data, according to the memo sent this month to power company executives by the North American grid regulator's cyberthreat sharing center. The previously unreported incident is a window into how ransomware attacks on critical US companies are handled behind the scenes as lawyers and federal investigators quietly spring into action to determine the extent of the damage.
The ransomware attack hit Chicago-based Sargent & Lundy, an engineering firm that has designed more than 900 power stations and thousands of miles of power systems and that holds sensitive data on those projects. The firm also handles nuclear security issues, working with the departments of Defense, Energy and other agencies "to strengthen nuclear deterrence" and keep weapons of mass destruction out of terrorists' hands, according to its website. Two people familiar with the investigation of the Sargent & Lundy hack told CNN that the incident was contained and remediated, and didn't appear to have a broader impact on other power-sector firms. There is no sign that data stolen from Sargent & Lundy, which includes "model files" and "transmission data" the firm uses for utility projects, is on the dark web, according to the memo from the Electricity Information Sharing and Analysis Center.
The ransomware attack hit Chicago-based Sargent & Lundy, an engineering firm that has designed more than 900 power stations and thousands of miles of power systems and that holds sensitive data on those projects. The firm also handles nuclear security issues, working with the departments of Defense, Energy and other agencies "to strengthen nuclear deterrence" and keep weapons of mass destruction out of terrorists' hands, according to its website. Two people familiar with the investigation of the Sargent & Lundy hack told CNN that the incident was contained and remediated, and didn't appear to have a broader impact on other power-sector firms. There is no sign that data stolen from Sargent & Lundy, which includes "model files" and "transmission data" the firm uses for utility projects, is on the dark web, according to the memo from the Electricity Information Sharing and Analysis Center.
utility companies suck (Score:2)
I went around and around with this stupid gas company that insisted they needed my social security number in order to start service. I eventually relented because what choice is there. Total bullshit though.
Re: utility companies suck (Score:2)
Re: (Score:2)
Well, considering most utilities are post-paid, it isn't unusual since you are basically opening a credit account with them, so it has ramifications with credit reporting agencies and such.
Re: (Score:1)
I went around and around with this stupid gas company that insisted they needed my social security number in order to start service. I eventually relented because what choice is there. Total bullshit though.
Perhaps there IS a choice, since they "need" your SSN in order to run a credit check to determine how much (or not) to charge your for a deposit.
Perhaps an easier way around that is to simply tell them you're willing to pay the full deposit next time, as long as they provide a statement in writing that states how and when that deposit will be refunded. (Usually they refund it after 12 months of consistent payments)
Why only steal it? (Score:3, Insightful)
Re: Why only steal it? (Score:2)
I remember the movie tropes of the 80s and 90s when hackers would credit my bill or send 20000 pizzas to the CEO's house or other shenninigans to stick it to the corporate system.
Re: (Score:1)
Hack The Planet!! Never gets old.
Re: (Score:2)
Exactly. The companies don't care if the private information is stolen - it doesn't affect them. But if they lose all their billing information, then it suddenly they pay attention.
However, instead of deleting the data, you corrupt it slowly - this way the data is corrupted into the backups.
And instead of forcing them to "pay if you don't want us to release the data",
Re: (Score:2)
They generally have backups of those billing systems. Additionally, they could just pull another reading to determine the bill. It's not as if they'd just go without revenue.
Private industry strikes again (Score:2)
Can we finally do away with the myth that private industry is better than government? How many of these stories do we have to go through before it's understood private industry is at least as bad at everything, if not more so, than government?
Here's the real question in the current case: will anyone be held responsible for this leak? Or will everyone go about their business as if nothing happened and simply say, "We value your privacy"?
Re: (Score:3)
Can we finally do away with the myth that private industry is better than government?
Government IT security, when audited, is often found lacking. Maybe we could just do away with the myth of competence in general.
Re: (Score:1)
Can we finally do away with the myth that private industry is better than government?
Government IT security, when audited, is often found lacking.
Since this has been a known issue for literally decades, found lacking says a hell of a lot more about Government "audits" and the utter bullshit they accept as good enough to ignore year after year.
Re: (Score:2)
For some reason, even though there is a TLA responsible for securing national communications, every department does its own security audits (or, apparently, not.)
Re: (Score:2)
Until individuals are held accountable, not with puny fines but something like "half your net worth plus 3 months in non-country club jail" not much will change.