A North Carolina water utility has been infected by ransomware in a breach the company says has forced customer-service functions offline and will require it to rebuild its computing infrastructure.
Jacksonville, North Carolina-based Onslow Water and Sewer Authority (ONWASA) said in a statement that it was hit by the Ryuk ransomware virus in the middle of the night on Saturday. That followed the spread of the “polymorphic” EMOTET malware through the utility’s networks beginning Oct. 4, according to the statement, in a pair of infections that overwhelmed IT personnel. The attack has left the utility operating with limited computer capabilities, with workers setting up accounts and fulfilling service orders manually.
“We experienced a catastrophic loss inside our computer network,” ONWASA CEO Jeffrey Hudson said in a video posted to the utility’s Facebook page.
Customer information wasn’t compromised, and the incident does not affect the safety of the water supply, the utility emphasized. Customer information is stored offsite in a vendor’s cloud computing system, the statement said.
The ransomware attack will not interrupt water and wastewater service to homes and businesses, ONWASA said. The utility serves about 150,000 people, Hudson told CyberScoop in an email.
ONWASA said “cyber criminals” had carried out the attack on the utility’s servers and personal computers, and that the utility had received one email from the criminals, “who may be based in a foreign country.” ONWASA vowed not to pay any ransom and to instead “undertake the painstaking process of rebuilding its databases and computer systems from the ground up.”
The utility is working with the FBI, the Department of Homeland Security, North Carolina state authorities, and several cybersecurity companies to respond to the ransomware infection, ONWASA said. An FBI spokesperson confirmed the bureau is investigating the incident.
The North Carolina utility said the incident is similar to another ransomware attack on official county computer systems in Mecklenburg County, North Carolina, last year. Officials in that case also opted not to pay the ransom, and to instead rebuild their computer networks.
ONWASA’s press release said that hackers had “specifically targeted” the utility in the wake of Hurricane Florence. Last month the storm ripped through Jacksonville, a city of 70,000 near North Carolina’s Atlantic coast, pummeling a local high school. As Florence made landfall, state officials had warned that cybercriminals could try to exploit victims of the hurricane or those trying to aid the victims.