Two Wastewater Plants in Maine Experience Ransomware Attacks

In Maine, two public wastewater facilities recently succumbed to ransomware attacks. The attacks occurred in the towns of Mount Desert Island and Limestone over the holiday weekends in April and July, respectively. Both incidents were “fairly minor, there was no threat to the public, there was no violation, no excursion, no health and safety threat,” according to Judy Bruenjes, a wastewater technical assistance engineer for Maine’s Department of Environmental Protection. In the Limestone incident, an outdated computer running Windows 7 was compromised. In Mount Desert, office computers were compromised and offline for three days and local government officials and cyber professionals were notified. Mount Desert’s treatment plants were not affected because they are manually controlled with no automated inputs. In both cases, neither utility paid a ransom. These two newly disclosed incidents highlight the continuing threat of cyber attacks against water and wastewater utilities. Members are encouraged to visit CISA’s updated StopRansomware.gov guidance and resources to increase their preparedness and resilience against ransomware. Read the full article at The Maine Monitor.