A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades’ worth of records and knocked out billing systems that won’t be restored until next week at the earliest.
The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining that current customers won’t be penalised for being unable to pay their bills because of the incident.
“We are a victim of a malicious cyber security attack. In the middle of an investigation, that is as far as I’m willing to go,” DMEA chief exec Alyssa Clemsen Roberts told a public board meeting, as reported by a local paper.
She is said to have confirmed that the co-operative’s billing systems were also taken down by the attackers, telling a local TV station: “And we lost the majority of our historical data for the last 20-25 years. Since then we have been slowly rebuilding our network.”
Billing systems are reportedly not going to be re-established until next week, almost a month after the attack.
Other local newspapers first reported the attack on 16 November, more than a week after it hit on 7 November.
“DMEA discovered a targeted effort to access portions of our internal network system by an unauthorized third party,” said the company statement on its website. “As a result, DMEA lost 90 per cent of internal network functions, and a good portion of our data, such as saved documents, spreadsheets, and forms, was corrupted. It also impacted our phones and emails.”
“We have completed the first few weeks of the investigation,” it added, “and are highly confident no sensitive member or employee information was compromised. Our external power grid and fiber network were also unaffected by this incident.
Reassuringly, it added: “Our power grid and fiber network remain unaffected by the incident.”
Although the company doesn’t mention the word “ransomware”, that particular streand of badness has a devastating impact on victims. As is typical in ransomware cleanups, DMEA said it is working with “forensic and cybersecurity experts to investigate the scope of the incident”. ®