(Reuters) – US authorities said on Thursday that four ransomware attacks had penetrated water and sewage systems in the past year, and they warned similar facilities to check for signs of intrusion and take other precautions.
The warning from the Cybersecurity and Infrastructure Security Agency cited a series of apparently unrelated hacking incidents from September 2020 to August 2021 that used at least three different strains of ransomware, which encrypt computer files and demand payment for their recovery.
An attack on an unnamed Maine wastewater treatment plant three months ago and one in California in August moved past desktops and paralyzed the specialized monitoring and data collection units that issue mechanical commands to the equipment.
The Maine system had to resort to manual checks, according to the warning signed by the FBI, National Security Agency and Environmental Protection Agency.
A marshack in Nev ada also reached SCADA units that provided operational visibility but could not issue commands.
CISA said that it saw increasing attacks on many forms of critical infrastructure, in line with those at the waterworks.
In some cases, water facilities have been handicapped by low municipal spending on technical cyber security.
The Department of Homeland Security Agency's recommendations include access log revisions and strict use of additional password authentication factors.