Ransomware Leads to Pipeline Shutdown

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed last month that unknown entities had launched a cyberattack on the operational technology (OT) network of a natural gas compression facility.

The intruder used a Spearphishing Link  to obtain initial access to the organization’s information technology (IT) network before pivoting to the OT network. They then deployed commodity ransomware to Encrypt Data for Impact on both networks. Assets experiencing a Loss of Availability on the OT network included human machine interfaces (HMIs), data historians, and polling servers. The Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, depriving  human operators with a partial Loss of View. The attack did not impact any programmable logic controllers (PLCs) and at no point did the victim lose control of operations.  Although the victim’s emergency response plan did not cover cyberattacks specifically, plant management decided to implement a deliberate and controlled shutdown until the situation was resolved.

Although ransomware more commonly afflicts IT networks, this shows that OT data networks are not immune.

Read the full CISA report here.