Why would hackers attack a water utility company serving an area affected by the hurricanes?
A water utility organization based in Jacksonville, NC recently became a victim of a cybercrime. Last month hackers managed to infect multiple Onslow Water and Sewer Authority (ONWASA) computers with ransomware that spread across the organization encrypting various databases and files. The hackers infected the company’s servers with malicious software and demanded a ransom to decrypt them. ONWASA refused to meet the demands of the cybercriminals and reported the incident to FBI and Homeland Security who are actively investigating the attack. It is currently unknown who is behind the breach, but evidence suggests it comes from a foreign state.
According to Jeffrey Hudson, a CEO of the North Carolina utility company, the breach did not include any customer personal information and the safety of the public’s water supply and the area’s environment was never in danger. Even though that the crisis is with purely technological nature and won’t affect the water supply, many of the company’s encrypted databases were wiped off. ONWASA is collaborating with cybersecurity and IT organizations to recover the information. It will take them months to reconstruct the databases and bring things back to normal. Hackers have deliberately chosen the utility because they knew that the company would need to be in perfect working order to operate during the hurricane season. The cybercriminals were expecting full cooperation and easy money from the utility company.
Attacking water supply company while it is battling the consequences of deadly hurricanes is not the worse hackers can do, they are not afraid to go even lower and often target healthcare institutions. They tend to request ransom from hospitals and are fully aware that the chaos they cause will endanger the lives of hundreds and sometimes even thousands of patients.
Cybercriminals prey on the most vulnerable organizations and people – unethical hackers sometimes steal from large corporations to prove a point and to make a buck, but cybercriminals are generally money driven technology-savvy people with questionable moral values who want to get the most out of their efforts. Interfering with a water utility company serving areas affected by hurricanes is precisely the type of behavior you would expect from such people.
They prey on the weak; there is a reason why healthcare and nonprofit organizations as well as underfunded and often understaffed government organizations, are among the top ten most vulnerable industries to data breaches. Hackers like easy targets and this is how they deal with individuals too – they generally do not go after the powerful, but after the average individuals who do not have the necessary cyber security awareness nor antivirus software to protect themselves.