Michigan electricity utility downed by ransomware attack

A water and electricity authority in the US State of Michigan has needed a week to recover from a ransomware attack that fortunately only hit its enterprise systems. Lansing's BWL – Board of Water & Light – first noticed the successful phishing attack on its corporate systems on April 25, and has had to keep systems including …

  1. Bill Stewart

    They have no idea whether the data has been stolen - most ransomware follows the "take the money and run" strategy, because it's easy, but once the Bad Guys have access to your system, there's no reason they can't send the interesting data to some server they control, either before encryption or along with the keys. The risk to the Bad Guys of doing that is they're more likely to get caught, especially if the victims hire a security expert to help them through the process (especially before paying any ransom); the benefit is that sometimes the data is worth a lot, and the Bad Guys know the victims weren't running a competent enough shop to stop them before they got infected.

  2. Ole Juul

    another company

    gets a lesson in security

    1. chivo243 Silver badge
      Headmaster

      Re: another company

      I'm starting to feel this is the only way they will learn.

      1. Anonymous Coward

        Re: another company

        "I'm starting to feel this is the only way they will learn."

        Not unless it has painful consequences at management level that cannot be spin-doctored away with a crafty press release. Otherwise they'll find some poor schlob who hasn't been covering his or her back too well (usually because they're more focused on trying to do a good job than playing politics) and lay the blame there, after which the merry go round continues:

        Breach - blame - some money spent on improvement - underfunding upkeep - repeat.

        I've seen it often enough to believe that that is a corporate default, especially with quasi-monopolies like utilities and government agencies.

        1. ecofeco Silver badge

          Re: another company

          "I've seen it often enough to believe that that is a corporate default, especially with quasi-monopolies like utilities and government agencies."

          No need for belief, it is.

  3. Anonymous Coward

    If they don't recover their billing data

    Many years ago I worked as a *nix Sysadmin at a power company in Oz.

    The IT director there mentioned more than once that if they have non-operational IT for more than 3 days, they might as well shut down the business.

    Wonder if that applies to this Michigan utility as well? If they no longer have their customer usage data since the last billing period - and if they also no longer have debtor/creditor info - they could be in a business ending event. :(

  4. daddyo

    Your usage information was safe before "Smart Meters"

    Because you couldn't get to the clockworks that was summing the current going into the house.

    But when you put in a Smart Meter you are just relying on electronic counters that can be slowed, sped up, and rebooted remotely.

    1. ardichoke

      Re: Your usage information was safe before "Smart Meters"

      Irrelevant... As a current (soon to be former) customer, LBWL doesn't have any smart meters. I doubt they even have a plan to roll them out. They only managed to figure out how to post on social media in the last year or two.

    2. bad1

      Re: Your usage information was safe before "Smart Meters"

      BWL is gouging customers more than usual telling them they couldn't get a high paid meter reader out to their location for 3 months so they estimated the bills even though the customers live in the city. So they double the price of the bill even though their previous bills were no less than usual. Their meter readers make more than an Optometrist! This is blatant thievery, and they get away with it. They charge over $100 for sewer every month and $300-$400 per month for a 1500 sq Ft house even during a summer which hasn't been very warm and $60 for water when we live surrounded by the Great Lakes and have more inland lakes and rivers than any other state in the country. It's quite obvious this company charges whatever it wants because of greed and because it can. Competition is needed. This company would be driven out of business real fast!! They're greedy thieves!

  5. Anonymous Coward
    Facepalm

    Ironic

    In a story subtitled "Don't click on the links, don't click on the links, don't …"; you include HOW many links??

  6. allthecoolshortnamesweretaken

    "Good Links - Bad Links" - film at 11.

  7. Anonymous Coward
    Facepalm

    Google Android malware attacks Michigan electricity authority

    What are the legal sanctions for allowing people's personal information to be hacked?

    1. ecofeco Silver badge

      Re: Google Android malware attacks Michigan electricity authority

      For you and me? Life in prison. For corporations? A fine. Maybe. If the appeal fails.

  8. scrubber
    Headmaster

    Compromised?

    "We also want to reassure everyone customer and employee data was not compromised."

    Yes it was...

    "to expose or make vulnerable to danger, suspicion, scandal, etc.; jeopardize:"

  9. oneeye

    Don't look Ethel!!! Don LOOOOK! Too late,...she'd already been mooned.

    Funny coincidence though, another Michigan utility, DTE was down for maintenance the other day. Hmmmm? Wonder if it was a full court press for the state?

    1. Nunyabiznes
      Joke

      Are you saying the bad guys are on a streak?

  10. David Lawrence

    How hard can it be....

    ..... to have a clever bit of software running, that intercepts ALL inbound emails from external sources, and EDIT them such that all links are turned into plain text before they are allowed through to their original destination?

    I work in IT but I wouldn't have a clue as to whether this is viable or not. It strikes me that it is a potential solution to this particular conundrum.

    Just wondering.

    1. Vic

      Re: How hard can it be....

      "to have a clever bit of software running, that intercepts ALL inbound emails from external sources, and EDIT them such that all links are turned into plain text before they are allowed through to their original destination?"

      It's about half a dozen lines of perl.

      How long do you think you'll be arguing with your users before you disable it again?

      Vic.

      1. Anonymous Coward
        Childcatcher

        Re: How hard can it be....

        "How long do you think you'll be arguing with your users before you disable it again?"

        Roughly the round trip time for an email when your locals discover you've also made their pretty HTML signatures "safe". There goes another good idea into the bin.
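
The rewrite discussed in this sub-thread (turning links in inbound mail into plain text before delivery), sketched as an added example that is not part of any commenter's post: it uses Python's standard `email` and `html.parser` modules rather than the Perl mentioned above, and the function names, the `SAMPLE` message and the `example.test` addresses are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

URL_RE = re.compile(r"\bhttp(s?)://([^\s<>\"'\]]+)", re.I)
def defang(text):
    """http://a.b/c -> hxxp://a[.]b/c, so mail clients will not auto-link it."""
    return URL_RE.sub(lambda m: "hxxp%s://%s" % (
        m.group(1).lower(), m.group(2).replace(".", "[.]")), text)

class HtmlToText(HTMLParser):
    """Keep visible text, drop script/style, print each href before its label."""
    def __init__(self):
        super().__init__()
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag == "a" and dict(attrs).get("href"):
            self.out.append("[link to %s] " % dict(attrs)["href"])
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def neutralise(raw):
    """Parse a raw message; turn every inline text part into link-free text/plain."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            parser = HtmlToText()
            parser.feed(body)
            parser.close()
            body = "".join(parser.out)
        part.set_content(defang(body), subtype="plain")
    return msg

# Constructed sample message, not taken from the page; example.test is reserved.
SAMPLE = (
    'From: billing@example.test\nSubject: Invoice overdue\n'
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<p>Please review your <a href="http://login.example.test/pay.php">invoice</a>.</p>'
    '<script>x()</script>\n')
if __name__ == "__main__":
    print(neutralise(SAMPLE).get_content())
```

Because every inline HTML part is replaced with `text/plain`, HTML signatures are flattened as well, which is the side effect the reply above describes.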

  11. ardichoke

    LBWL is the height of incompetence

    A few years back, we here in Michigan got a massive ice storm that knocked out power all over the place right around Christmas. Lansing got hit with the worst of it. BWL took WEEKS to restore power to their customers (I myself was only without power for about 5 days, fortunately), all the while providing ZERO updates to their customers through their website, social media, or any other outlet I was able to find. Despite the state of emergency, they only brought in a couple of extra crews from other utility companies to help with the repairs. Oh, and their director left with his family to go to New York on holiday right after the power outage started, real classy move there.

    Meanwhile Consumers Energy (a larger, corporate utility, as opposed to BWL which is city-owned and operated) brought in dozens of additional crews from multiple other utility companies including ones from many states away, and shared timely updates via social media and their website. They had their customers back online in a much shorter time period despite having a much larger area with many more customers that they had to deal with.

    I'm not one for privatization of public services, but when the public utility starts screwing up this bad, maybe it's time to consider it in that particular case. BWL is sadly incompetent. I will be so glad when I no longer have to deal with them.

  12. Anonymous Coward

    The BWL is run by thieves gouging customers whenever they feel like it. They double the bills without any reason. It's blatant, and the company should be out of business. However, customers have no choice because there is no competition!
