CyberSecurity SEE

January sees utilities and infrastructure disrupted by ransomware

Ransomware attacks on important U.S.-based utilities and services organizations in January have raised concerns about the increasing number of targets for attackers within these essential sectors. The persistent threat of ransomware continued last month following a record-breaking year for such attacks in 2023, with new victims emerging and similar sectors being targeted.

Throughout January, ransomware adversely impacted the operations of organizations in the government and critical infrastructure sectors, particularly in the water and wastewater treatment services. The Cybersecurity and Infrastructure Security Agency (CISA) published an incident response guide for water utilities, warning that attacks could have cascading impacts across critical infrastructure. The guide also confirmed that the sector has already been hit by ransomware attacks in recent years.

Veolia North America, a Boston-based company operating in 550 communities across North America, disclosed on January 19 that its municipal water division had been hit by ransomware the previous week. The attack affected some software applications and systems, forcing the company to take its internal back-end systems offline, which disrupted customer access to the billing system. However, the company stated that there was no evidence that the attack affected its water or wastewater treatment operations. The incident also led to the theft of personal information of a limited number of individuals, prompting Veolia to launch a thorough investigation and reexamine its cybersecurity posture.

Other public sector utilities and services were also targeted in January. A ransomware attack on January 21 against Bucks County in Pennsylvania temporarily disrupted the county’s emergency communications database. The attack, claimed by the Akira ransomware group, rendered the county’s computer-aided dispatch (CAD) system inoperable for nine days, forcing emergency services to revert to pen and paper. Although 911 calls were still functional, the fallout from the attack was substantial for the county’s 650,000 residents.

The Medusa ransomware group claimed responsibility for an attack against the Kansas City Area Transportation Authority (KCATA) on January 23, which disrupted the regional RideKC call centers and landline service. However, transportation services remained operational, and KCATA engaged the FBI and security professionals to restore its systems. The public data leak site of the Medusa group also listed Denver-based Water for People as a victim, although the organization stated that the affected data predated 2021 and that the incident did not disrupt business operations.

Not only critical infrastructure but also the education and financial sectors fell victim to ransomware attacks last month. Clackamas Community College in Oregon, with an enrollment of more than 18,000 students, suffered a damaging attack that shuttered online services, including its website, internal systems, and ability to disburse financial aid. The attack, traced to a Russian IP address, resulted in canceled classes and extended deadlines for assignment submissions. California-based mortgage lender LoanDepot also disclosed an attack that disrupted its systems and delayed many customer portals for services and payments.

These incidents have prompted U.S. government agencies to issue advisories warning of increasing threats against critical infrastructure organizations. CISA, the National Security Agency, and the FBI recently cautioned about a Chinese nation-state threat actor known as Volt Typhoon, which had compromised organizations in vital sectors, including communications, energy, transportation systems, and water and wastewater. The U.S. agencies confirmed that this threat actor had maintained access in some victims’ IT environments for at least five years as part of its preparation for potential conflicts with the U.S.

The continued targeting of critical infrastructure and essential services by ransomware groups highlights the need for heightened cybersecurity measures and resilience in the face of sophisticated cyber threats. As organizations across various sectors continue to be impacted by these attacks, collaboration and information-sharing between public and private stakeholders are crucial to maintain the integrity of critical infrastructure and essential services. The growing frequency and impact of ransomware attacks underscore the urgency for organizations to bolster their cybersecurity defenses to protect against potential disruptions and data breaches.
