Skip links

The Devastating Consequences of Ransomware Attacks on US Public Utilities

Successful cyber-attacks on US public utilities can have far-reaching and long-lasting consequences. Just think back to the recent cyber-attack on the water treatment facility in Florida and imagine what could have happened if the cyberattack had been successful.

In February 2021, a cybercriminal hacked into the system of a water treatment facility in Florida and adjusted the sodium hydroxide level to 100 times more than its normal levels. Luckily, the interference was detected and sodium hydroxide levels were immediately reduced. In this case, the access to the water treatment systems was gained through an inactive software.

However, there is another emerging cybersecurity threat targeting the US public utility sector, including electric, gas, and water companies. Ransomware is a financially-motivated malware which encrypts and holds data and systems hostage in exchange for a fee. It is becoming more prominent as deploying malware becomes easier and cybercriminals learn the market and its ROI.

But, why target the U.S. public utility sector?

The Growing Ransomware Problem in the US Public Utility Sector

In general, no business is too small for ransomware attacks. Most cybercriminals operate on volume – the more businesses they convince to pay ransom, the more money they make. Driven by financial motivators, cybercriminals target businesses that are least resistant to paying ransom in order to protect the nation against potentially devastating consequences that affect our communities and, ultimately, our daily lives. We have discussed a couple of examples in our latest blog “The battle against ransomware to protect the nation’s cybersecurity.”

Cybercriminals are aware of our dependency on companies that provide essential services, such as general water supply, which is why US public utilities are becoming increasingly targeted by cybercriminals. Furthermore, the unique complexity of this sector’s organizational as well as geographical structure increases their attack surface and, again, enhances the chances of being the next target of ransomware cyberattacks.

Yet, another factor contributing to the growing ransomware problem in public utilities are the ever-evolving interdependencies between the physical and cyber infrastructure leaving massive potential for exploitation without the appropriate anti-malware protection and data backup solution in place. Especially with the increasing menace of Ransomware-as-a-Service (RaaS), hackers have the tools and sophisticated tactics needed to get the job done.

Experts argue that the COVID pandemic has propelled ransomware attacks on critical infrastructure, such as water treatment plants and electric power plants, due to a major shift towards remote work and further implementation of cloud-based operating systems which is allowing easy entry points for attackers.

The Consequences of Malware on Public Utilities 

Ransomware attacks on public utilities are a serious threat that can have detrimental consequences and cause harm to the American people. As seen with the Colonial Pipeline incident, the company was more inclined to pay ransom in order to avoid further damages. And, we are still seeing the impact and consequences of the Colonial Pipeline cyberattack to this day– gas prices remain high along the East Coast.

While the actual downtime of operating systems can cost millions in addition to the ransom fee, the more important question is what are the longer-lasting implications on our public’s health and nation’s economy?

CISA warned pipeline operators about cyberattacks through ransomware in 2020. Last year, a ransomware attack required a natural gas compression facility to halt operations for two days because a cybercriminal gained access to the corporate network and influenced the operational network through encryption. This is yet another example of the fact that no company is exempt from cyber breaches, and, while previously affected water or energy suppliers have navigated the strict demands and disaster recovery somewhat successfully so far, the next victim may not be so lucky.

We need to close the gap and reduce the potential of exploitation by strengthening the US public’s utility cyber defense. Just think, there are about 54,000 distinct drinking water systems in the United States alone. Many of them are currently extremely vulnerable to ransomware cybercrime due to various reasons:

  1. Outdated cybersecurity for energy & utilities
  2. Underfunded IT operations/budget
  3. Increasing reliability on remote monitoring/administering of systems
  4. Remote work due to the pandemic
  5. Staffing shortages that lead to mistakes and/or delays in maintenance

These vulnerabilities play into ransomware cybercriminal’s hands as it can take significantly longer to detect the cyber breach.

How to Proactively Protect Public Utilities from Ransomware Attacks

The cyber landscape is constantly changing and it’s often difficult for organizations to establish effective cyber defense with limited resources and expertise. While there are many things that can help protect the US public sector from ransomware, we at Acronis SCS are convinced it starts with proactively implementing a reliable backup solution.

The increase in sensitive data and use of cloud-based systems drive the growing need for public sector data protection. Yet, due to limited budgets and the common misconception that malicious attacks – ransomware in particular – are few and far between; thus, data protection is rarely prioritized. That is why we have created a series of cybersecurity software solutions that work within limited budgets to provide the comprehensive and effective utility cybersecurity needed by the public sector.

Our Acronis SCS Cyber Protect Cloud is a cutting-edge cybersecurity technology that not only allows secure data backup but also includes advanced AI-technology which protects sensitive information against ransomware.

Benefits of Acronis SCS Cyber Protect Cloud:

  1. CJIS certified
  2. FIPS 140-2 certified
  3. HIPAA certified
  4. Multiple deployment options
  5. Pay-as-you-go & subscription-based pricing
  6. 100% US-based support

In addition to leveling up cybersecurity and endpoint protection, employers should continuously remind their teams to be cautious about downloading email attachments or clicking on unfamiliar links. Being aware of small things like that will help reduce the company’s exposure to ransomware as well as other types of malicious cyber-attacks.

Cybersecurity and Endpoint Protection

Acronis SCS Cyber Protect Cloud at its core is a  endpoint security, or endpoint protection, solution. What that means is that it is purpose built to defend endpoints, such as desktops, laptops, and mobile devices from malicious activity.

Why is that important? As cyberattacks and ransomware are becoming more and more sophisticated, cybercriminals look for the weakest link in a company’s network to launch malware attacks, take control of network resources, and disrupt essential processes. Oftentimes, the weakest link is the absence of endpoint protection which is why endpoint security is one of the most important tactics to strengthen data security.

Anti-Ransomware Solutions 

Another highly effective tactic to defend the US public sector against ransomware attacks is the AI-based anti-ransomware module included in Acronis SCS Cyber Protect Cloud as well as our Acronis SCS Hardened Backup Edition.

What does that mean? Our cybersecurity solution features real-time threat monitoring which detects and stops any malicious attacks or ransomware, in order to protect the most vulnerable and sensitive public sector agencies and organizations.

Data Backup and Recovery Solutions

Protecting public sector data requires meeting strict security and compliance standards. Our cyber protection solutions offer public utility agencies and organizations better data protection with less effort.

With Acronis SCS Cyber Protect Cloud, public sector organizations are only as vulnerable as their latest backup. Avoid serious setbacks, like unrecoverable downtime, interruptions to critical services and public utility infrastructures, or losing the public’s trust.

Acronis SCS Anti-Ransomware Solutions for US Public Utilities

Unlike other backup tools on the market, Acronis SCS Cyber Protect Cloud as well as Hardened Backup Edition provide America’s public utility industry with the peace of mind that utility operations can remain resilient and running, no matter what. Our products undergo extensive testing to ensure they meet the needs of the complex US public sector infrastructures. 

Contact us today and find out how Acronis SCS can help your organization safeguard critical information and systems.