Electric utility hit by ransomware shuts down IT systems for a week

The third-largest electric and water utility in Michigan has shut down all its corporate IT systems while it attempts to clean up after a ransomware attack.

The Lansing Board of Water & Light (Lansing BWL) announced last Monday, 25 April, that it was hit by ransomware after a phishing attack.

Although Lansing BWL said there was no interruption in service, the utility entered a “self-imposed lockdown of all corporate systems,” which has so far lasted more than a week.

The utility’s IT systems, including administrative systems and online customer services, had to be taken offline – including the online system for reporting power outages (customers can call a toll-free number to report outages).

In an FAQ shared via Twitter, Lansing BWL said no employee or customer data was stolen, and credit card information was “not involved” because it is stored and processed by a third party.

The message tweeted out with the FAQ reads:

Early in the morning on Monday, April 25, the BWL became aware of a malware incident that affected BWL’s corporate network. As a precaution we immediately initiated a self-imposed lockdown of all corporate systems. The incident should have no impact on the delivery of your water and electricity. All of BWL’s utility operations are and remain fully functional.

BWL has retained licensed incident response experts with nationwide experience in addressing these types of incidents. In addition to their ongoing efforts to assist BWL in the review and evaluation of BWL’s IT systems, these experts are supporting the return of BWL’s administrative services to full functionality. We continue to cooperate with law enforcement’s ongoing investigation.

BWL and its experts will work continuously until they are satisfied that all systems are fully functional and validated with industry standard security protocols. BWL will keep its customers informed of all progress.

Lansing BWL said it is working with law enforcement as it investigates the attack, but the utility made no mention of how much the crooks demanded for ransom.

A hospital in California paid a ransom of 40 bitcoins (about $17,000) after it was hit by a ransomware attack in February that forced it to shut down all its computers and email for a week.

The hospital relied on fax machines and paper records to keep functioning.

Prevention is far better than a cure. If you’re worried about ransomware affecting your personal or business files or systems, check out our 8 tips for preventing ransomware.