A recent ransomware attack caused a US natural gas compressor facility to shut for 2 days, the latest in a string of attacks targeting the country’s energy infrastructure over the past few years.
Hackers sent emails with a malicious link to gain control of the facility’s information technology system, the Department of Homeland Security (DHS) said in an alert on 18 February. The agency didn’t say which facility was targeted, when the attack occurred, or who was behind it.
It appears likely that the attacker explored the facility’s network to “identify critical assets” before executing the ransomware attack, according to Nathan Brubaker, a senior manager at the cybersecurity firm FireEye. This tactic—which has become increasingly popular among hackers—makes it “possible for the attacker to disable security processes that would normally be enough to detect known ransomware indicators,” he said.
The DHS alert comes amid increased concern about whether aging US energy facilities are equipped to ward off cyberattacks that could result in power failures and disruptions to oil and natural gas supply. In 2018, several pipeline companies saw their electronic systems for communicating with customers shut down after being targeted by hackers.