Water Companies Attacked by Ransomware: Global Critical Infrastructure at Risk

The Genesis of Water

The conflicts over water in civilized society have been with us humans since 2550 BC when the Lagash-Umma Dispute, also known as the Gudea War occurred. It was a long-standing conflict between the Sumerian city-states of Lagash and Umma that lasted for over a century, roughly from 2550 to 2400 BC. During the Roman conquest of Gaul, Julius Caesar laid siege to the Gaulish stronghold of Alesia. To cut off the city’s water supply, he ordered the construction of a massive network of ditches and canals, diverting the nearby rivers. This tactic forced the Gauls to surrender after several months. Russians have targeted water systems in Ukraine. Both sides have been accused of sabotaging water treatment plants and distribution networks, leading to water shortages for civilians. With rising global tensions, we are not only facing cyber criminals. They want to use the urgent need for water to force capitulation during a cyber-attack. Nation-states are actively probing for ways to impact our modern systems when we get into a military conflict.

Next to the air we breathe, the processing, storage, and delivery of water is most critical to human survival. No society can last long without water. This makes water an extremely high-value target and significantly increases the likelihood that a victim of Ransomware or other cyber extortion interruption pay their attackers’ demands. This also means an ethical refusal to pay is simply not an option if victims cannot recover without decryption keys. “The current threat landscape makes cyber hygiene, recovery options, and insurance coverage very important,” said David McNeil of EPIC Insurance. “The insurance industry, like governments and businesses has consistently been a step behind the curve. The reality, by way of losses, has finally caught up to the insurance carriers. They have spent the last few years internally and working with partners like Alvaka and EPIC helping insurers in making some hard corrections in the marketplace,” he continued.

Navigating the “Waters” of Ransomware in Cybersecurity

In recent weeks, a private utility serving millions of consumers in Southern England has fallen victim to a cyberattack by the notorious Black Basta ransomware group. The Black Basta claims they have 750 gigabytes of the victim’s confidential and operational data. They have threatened to publish the stolen data unless a ransom is paid by February 29, 2024. This crime highlights the fast-growing threat of ransomware targeting critical infrastructure with real-world impacts. Black Basta is an aggressive persistent threat to infrastructure and water in particular. They arrived on the Ransomware scene in 2023 and are in the top 10 most impactful groups in volume. They are known for their aggressive tactics and are known for their double extortion using the encrypting of files stealing of data and threatening to release it. They are repeat offenders in targeting high-profile organizations such as critical infrastructure.

“Until recently, there has been an unfortunate tendency in the water industry, like so many others to think our collective warnings are all a fear tactic. Many believe that there is nothing to worry about,” said Kevin McDonald COO & CISO at Alvaka. That is a fallacy and a dangerous one at that. We have seen just in the last year, water systems in Illinois, Florida, Texas, and Maine become victims of cyber threat actors,” he continued. In December 2023, the US Cyber and Infrastructure Security Agency (CISA) documented specific attacks on Water and Waste Water Facilities and warned that others are in the sights of attackers. We also know that nation-state actors have been penetrating and exploring critical infrastructure, looking for weaknesses and leaving behind access for future potential attacks.

“As a top-tier global, ransomware rescue specialist and water cyber security provider, Alvaka has been in the fight to rescue high-profile victims of ransomware and defend our nation’s water supply for many years.” Said Paul Fuller of Allied Public Risk and CalMutuals. “The current situation has led to our mutual partnership with JPRIMA / CalMutuals Water Association to bring more affordable and inclusive insurance coverage through improved cyber hygiene, and education. “Alvaka is truly on the front lines with us assisting those managing and defending our life-supporting water systems.” Ransomware actors are focusing on critical infrastructure. These recent attacks show their thirst for victims. The Southern Water (black Basta) incident should be an eye-opener and serve as a dramatic example of why we must be vigilant and implement robust cybersecurity measures. Just this week one of the largest water companies in the world, Veolia North America was hit with Ransomware. There are no signs of this trend letting up.

Empowering Cybersecurity: What We Can Do

Alvaka has been working to improve the security of America’s water systems for many years. They have made some genuinely impactful strides through the partnership with CalMutuals/JPRIMA and are always seeking ways to be more impactful. That program, in short, allows water mutuals and utilities to get far more affordable and improved coverage terms from Lloyds of London through improved cyber hygiene by leveraging pre-approved services such as Alvaka’s Patchworx, and enterprise Patching Services. By pre-vetting the services and offering Patchworx Enterprise services to small mutuals and larger entities, they can get a level of service they would not be able to get elsewhere.

If your water company or any other organization gets Ransomware, Alvaka is without a doubt, one of the best in the best and a good choice for those who hope to recover quickly. In the meantime, here are a few things you can do to defend your organization:

1. Regularly, evaluate your systems for vulnerabilities through penetration testing and vulnerability scanning. Patch identified gaps promptly. No excuses.

2. Segment your network to limit damage from a potential breach. Keep critical systems in separate, strictly controlled segments.

3. Implement multi-factor authentication and strong passwords on access to all systems where it is possible. Regularly, review and update access privileges to limit who can access sensitive data.

4. Install and maintain advanced endpoint security software on all devices to protect against malware, phishing, and other threats.

5. Train employees in basic cybersecurity practices such as identifying phishing emails and avoiding suspicious links. Update training regularly to reflect evolving threats and test how your employees and other system users respond to potential social engineering.

6. Back up your data frequently, offload it to a secure, offsite location, and make sure that a threat actor who gets control of your admin rights cannot negatively impact the backup.

7. Continuously monitor your systems for suspicious activity and log all activity for later analysis and potential incident response.

8. Develop a detailed plan outlining roles, responsibilities, and communication protocols for responding to cyberattacks. Know the who, how, and what of recovery.

9. Subscribe to security advisories and threat intelligence feeds to stay current on the latest cyber threats and vulnerabilities.

10. Share information about cyber threats and best practices with other organizations in your industry to strengthen collective defenses.

Read more about Water & Wastewater Cybersecurity HERE.

Alvaka is available 24×7 to assist you with any of your cybersecurity needs. Fill out the form on this page or call us at (949)428-5000!