Assessment of Ransomware Event at U.S. Pipeline Operator

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on 18 February 2020 on a ransomware incident impacting a natural gas compression facility at an unidentified U.S. pipeline operator. The ransomware event impacted both IT and ICS assets by causing loss of view and control impacts that caused the facility to implement controlled shutdown processes and resulted in a reported two days of downtime.

Based on information shared with Dragos, as well as noted in public reporting, the CISA alert likely describes the same event reported by the U.S. Coast Guard in 2019.

While causing operational disruption lasting two days, available evidence does not indicate the ransomware adversaries specifically targeted ICS operations.

Read more…
Source: Dragos

Related story: US Coast Guard discloses Ryuk ransomware infection at maritime facility