CISA Alert: Ransomware Impacting Pipeline Operations

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an alert summarizing an incident to which it recently responded. The attack affected the control and communications assets on the operational technology (OT) network of a natural gas compression facility. The incident began with a spearphishing attack that provided access to the information technology (IT) network, from which the attacker pivoted to the OT network. The attacker then deployed ransomware on both networks. The OT network experienced a loss of availability that impacted human machine interfaces (HMIs), data historians, and polling servers. The attack did not impact any programmable logic controllers (PLCs) and at no point did the victim lose control of operations, but the decision was made to implement a deliberate and controlled shutdown of operations. This lasted approximately two days, resulting in a loss of productivity and revenue, after which normal operations resumed. The alert contains technical details about the attack and offers a series of recommendations to prevent and mitigate the effects of similar activity. Read the alert at CISA.