
AWA official recounts ransomware attack

Following a ransomware attack two years ago that nearly paralyzed its administrative offices, the Altoona Water Authority has tightened up its information security, according to a staffer’s recent report to the board.

IT Director Aaron Moyer learned of the attack on his way to work on Sept. 6, 2021, through a phone call from a staffer who was already in the office and who had encountered a message on her screen: “Oops, your files have been encrypted.”

The malicious agent behind the message spread through the system, and by the time Moyer got to the authority offices on Chestnut Avenue, “the network was torn apart,” he told the board.

All the servers were contaminated — although there were some segments of the system that had been spared, he said.

Authority officials decided quickly not to pay the ransom, in keeping with advice from the FBI, Moyer said. There’s actually a movement to make such payments illegal, so as not to create further incentive for extortion.

Authority officials developed a plan, which included “trying to figure out what hardware I can work with,” Moyer said.

Recovery began with billing software that was connected off-site, so customer service could resume, Moyer said. Customer data was actually the most-protected information in the system.

The in-house email server had not been behind a firewall.

Moreover, the software company whose system the authority was using had had a problem at the time, he said.

Prior to the episode, the authority had diligently installed patches that the software company sent periodically. But that is an “uphill battle,” he said.

Since the attack, the authority has installed protective changes that include putting everything behind a firewall; segregating different kinds of data and traffic into isolated networks; creating an ability to turn off outside ports for certain functions; and multi-factor identification for system users, Moyer said.

The authority’s email system is in the cloud, and like all email systems, can still be vulnerable, according to Moyer.

Thus the authority has contracted with a firm to oversee 45-minute training sessions with all computer users, so they can spot malicious email, Moyer said.

The computer systems that operate the water and sewer plants are in a private network, which protects them, according to Moyer.

But they’re old and unreliable, and the authority is looking to replace them with a system connected with the internet, he said.

That means that the authority will need to deal with the kinds of issues it has engaged with on the administrative side, he said.

It also means the authority will need to contend with a lack of fiber optic lines at some locations, including the water treatment plants at Tipton and Mill Run, he said.

The Tipton plant especially would require a long connecting run, with no other potential customers to help defray the cost, officials said.

The authority has made contact with officials from the Department of Homeland Security and the Cybersecurity & Infrastructure Security Agency to help with creating protections for the proposed new plant control systems, according to Moyer.

Mirror Staff Writer William Kibler is at 814-949-7038.
