Ransomware Hits U.S. Electric Utility

The Reading Municipal Light Department (RMLD) was infected with ransomware, as revealed in a statement by the electric utility. RMLD did not disclose the details on how their system was infected or the demands of the group behind the malware. There was also no indication of plans to pay ransom to the threat actors.

RMLD is an electric utility in Reading, Massachusetts. It has been running for 125 years and counting, and is presently serving more than 29,000 residential and commercial customers.

The department affirmed that there were no signs of compromise affecting the customers' financial data such as bank account and credit card information, as these are kept in third-party systems. Payment transactions can still be done in person, online, via phone, or via drop box. They also assured customers that there will be no interruption in the delivery of electric service.

The organization hired an outside IT consultant who will work hand in hand with their own IT team in mitigating the situation.

The recent attack happened on the heels of ransomware cases sweeping the nation early this year after separate campaigns targeted a natural gas facility, a police department, and a maritime base. This is consistent with the trend of having local governments and smaller institutions as ransomware targets, as their limited resources often make it harder for them to recuperate as quickly and effectively as high profile victims.
 

Defense against ransomware

Ransomware threats are growing in quantity and evolving in complexity, as revealed in The Trend Micro 2019 Annual Security Roundup. The roundup disclosed an increase of over 10% in ransomware cases, amounting to around 55 million cases in 2018 to more than 61 million in 2019. Although the number of detected ransomware families decreased from 2018, the newly detected ones, such as Maze, Snatch, and Zeppelin, showed how ransomware families now pack more threats: beyond just encrypting data, some ransomware variants can now copy files automatically, bypass security software, and terminate processes.

[Trend Micro 2019 Annual Security Roundup: The Sprawling Reach of Complex Threats]

Organizations can protect their systems against ransomware attacks by following these best practices:
  • Inspect emails closely. Users should avoid clicking on embedded links and downloading attachments, especially when the email is coming from an unrecognized email address.
  • Back up important files. Follow the 3-2-1 rule by creating three backup copies on two different media and placing one of the backups in a different location.
  • Deploy the latest updates and patches. This will address vulnerabilities in the system that attackers can exploit.
A multilayered approach to security will help safeguard all fronts against ransomware attacks. As the common entry points of ransomware, email and web can be protected through Trend Micro™ Deep Discovery™ Email Inspector and InterScan™ Web Security.

Other layers of the system should also be protected. Trend Micro Smart Protection Suites feature behavior monitoring and vulnerability shielding to mitigate the risks of ransomware infection at the endpoint level.  For networks, Trend Micro Deep Discovery Inspector detects and stops ransomware attacks. For physical, virtual, or cloud enterprise servers,  Trend Micro Deep Security™ blocks ransomware.

In case of infection, the Trend Micro Ransomware File Decryptor Tool can provide decryption for several ransomware variants without needing to pay the ransom or using a decryption key.
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.