US natural gas operator shuts down for 2 days after being infected by ransomware

by
Dan Goodin
from Ars Technica - All content on (#4ZJ7J)
gas-pipeline-800x600.jpeg

Enlarge (credit: Glen Dillon)

A US-based natural gas facility shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication equipment, the Department of Homeland Security said on Tuesday.

Tuesday's advisory from the DHS' Cybersecurity and Infrastructure Security Agency, or CISA, didn't identify the site except to say that it was a natural gas-compression facility. Such sites typically use turbines, motors, and engines to compress natural gas so it can be safely moved through pipelines.

The attack started with a malicious link in a phishing email that allowed attackers to pivot from the facility's IT network to the facility's OT network, which is the operational technology hub of servers that control and monitor physical processes of the facility. With that, both the IT and OT networks were infected with what the advisory described as "commodity ransomware."

Read 10 remaining paragraphs | Comments

index?i=8ZSDpXFL8oQ:DrO5o21Wzok:V_sGLiPB index?i=8ZSDpXFL8oQ:DrO5o21Wzok:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments