
Ransomware took an American gas pipeline operator offline

Pipeline in Iceland. Photo by Mike Benna on Unsplash

Hackers attacked an American natural-gas compression facility with ransomware, according to an advisory from US officials at the Cybersecurity and Infrastructure Security Agency.

The attack started when an employee clicked a spearphishing link, a fake link that opened the door to the hackers. They gained access first to the IT network and then to the industrial networks.

Impact: The immediate effect was that hackers encrypted data on the victim's networks. The company was unable to read real-time data, prompting a shutdown lasting two days. Both IT and industrial processes were attacked.

The hackers’ actions took human-machine interfaces offline but “at no time did the threat actor obtain the ability to control or manipulate operations,” officials said, a crucially important line that remained uncrossed.

The attack, which came from “commodity ransomware” not specifically designed to attack industrial operations, did not touch programmable logic controllers, which are the devices that directly control the pipeline and related facilities.

Industrial targets: The US officials released the advisory as a warning to other industrial operators. Earlier this month, a report spotlighted ransomware dubbed EKANS that specifically targets industrial networks. 

Into the future: Ransomware is a money-making business whose operators are looking for the biggest cashout. Industrial companies like pipeline operators are an attractive target because shutdowns can be especially costly.

This company, however, failed in its security efforts: its emergency response plan didn't consider cyberattacks, and significant “gaps in cybersecurity knowledge” were blamed for the lack of plans for this kind of scenario.

Ransomware is an estimated $25 billion illicit industry worldwide, a clear sign that the incentives are lined up to keep the attacks coming. 
