[BreachExchange] Maryland water company investigating ransomware attack

[Sophia Kingsbury]

https://www.itpro.co.uk/security/ransomware/360030/maryland-water-company-investigating-ransomware-attack

WSSC Water, a water company in Maryland, is investigating a ransomware
attack that hit parts of its business in May.

According to reports from WJZ13 Baltimore, the attack happened on May 24,
and the company removed the malware just hours later. According to WSSC
Water, criminals accessed internal files but did not affect water quality.

“WSSC Water continues to produce and deliver safe, clean water to 1.8
million customers in Montgomery and Prince George’s counties and at no time
was the quality or reliability of our drinking water in jeopardy,” WSSC
Water Police and Homeland Security Director David McDonough said in a
statement.

WSSC said systems that operate its filtration and wastewater treatment
plants are, by design, standalone networks and not connected to the
internet. According to a statement on its website, WSSC Water also restored
files from backups, and there was no significant impact on business
operations.

McDonough added that such attacks have become more common, especially in
recent weeks, and WSSC Water has prepared for this type of event. With an
investigation underway, WSSC Water has notified the FBI, Maryland Attorney
General, and state and local homeland security officials and will cooperate
with any investigation.

WSSC Water expects its investigation to take several weeks. Should the
investigation unearth any evidence of personal information exposure, WSSC
Water said it would offer affected people five years of credit monitoring
with $1,000,000 in identity theft insurance at no cost.

WSSC has encouraged its customers to remain vigilant and closely examine
their financial statements and report anything suspicious to their bank or
card issuer. Individuals can also access identitytheft.gov to report any
suspicious activity and to learn how to freeze their credit.

Last week, IT Pro reported that the City of Tulsa warned residents that the
hackers behind a ransomware attack on its systems in May have shared
sensitive files on the dark web. Over 18,000 files on the dark web were
“mostly in the form of police citations and internal department files.” The
city advised anyone who had filed a police report, received a police
citation, made a payment within the city, or interacted with the city in
any way to take precautions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210629/7513d93b/attachment.html>