BWL network infected by “ransomware” phishing virus

UPDATE: 11:44 p.m. – If you’re a BWL customer, don’t worry. Officials say no personal information has been compromised. However, it is causing some inconvenience for BWL workers, because they can’t access their emails or type any word documents.

For those of you at home who are unfamiliar with the term “ransomware,” the Michigan State Police Computer Crimes Unit said the virus is a malicious software that blocks users access to their own computer or computer systems. It also asks the victim for a certain amount of money in order for them to regain access.

“This was a very sophisticated virus that blew right through a number of our security systems,” Trent Atkins, Director of Emergency Management for the Lansing Board of Water and Light said.

The BWL was forced to go on lockdown after it was attacked by a computer virus that placed encryption software on its corporate network. The virus is known as ransomware.

And although there’s been smaller problems in the past, BWL General Manager Dick Peffley says, this problem is bigger.

“In my time at the board of 40 years, I’ve never seen anything of this magnitude,” Peffley said.

“Our time keeping, phones, computers, printers, everything that it takes to do the administrative work that the BWL does right now is shut down.”

Law enforcement agencies including the Lansing Police Dept., The Michigan State Police Computer Crimes Task Force and the FBI are all working with the BWL to investigate this hack.

Details surrounding how it happened, whether or not a ransom was demanded, or why the BWL was targeted, is unknown.

What officials do know is that no personal customer or employee information has, or can be compromised.

“And there have been no threats to the production the transmission or distribution of BWL utilities to our customers,” Atkins said.

MSU Associate Professor for the School of Criminal Justice, Dr. Thomas Holt said the individual issuers behind these phishing attacks, are getting more and more creative about who they target and how.

“Ransomware is not something that just affects businesses, it does affect you and I and it is something that is evolving,” Dr. Holt said.

“What it does, is it encrypts portions of your hard drive so that way it can only be decrypted. In other words, it puts it into a format that nothing else can read and the only way that it can be decrypted or return back into text an materials that you can work with is by using a decryption key,” Holt said. “So the person who sends you this ransomware message or this phishing email that leads to ransomware is the only person that can provide you with the key to decrypt your material.”

He also said in order for the FBI to get involved in these cases, it typically has to involve a dollar amount and jurisdictional issues, state lines, or national lines.”

Despite what can be done, Holt said there are steps you can take to protect yourself.

“The most important thing that you can do to prevent these types of attacks is very, very careful examination on the part of the email recipient,” he said. “You need to be aware of and you need to figure out how sensitive and how careful are you about actually responding to email because that’s the key avenue for this to actually work.”

BWL customers can still make payments online in person or at kiosks while officials work to restore operations.

Right now there has not been a timeline as to when this problem will be solved. 6 News will update you when it is.

 

LANSING, MI (WLNS) – On Monday a computer virus infected BWL’s corporate networks.

The virus is called “ransomware,” which is when a hacker forces someone to pay a ransom to unlock their computers from the virus.

The phishing virus prompted BWL to instate a lockdown to all networks. BWL says no personal customer information has been compromised.

“Basically it’s the corporate side of the company, our time keeping, phones, computers, printers, everything that it takes to do the administrative work that the board of water and light does right now is shut down,” said Dick Peffley, general manager, Lansing Board of Water and Light.

General Manager Dick Peffley says officials are on top of the phishing attack. The attack infected the call center and line outage map.

The virus does not have access to the utility side of the company, said Trent Atkins, director of emergency management, BWL.

BWL says it’s prepared for any storms that may roll through Monday night. Plans are in place so that customers can access the outage map and report any problems.

There is a temporary phone number to call to report outages: 517-342-1030. BWL says the 877-295-5001 outage line will work in coordination with the temporary line. To access the temporary outage map, visit: bit.ly/bwloutmap.

Captain Darin Southworth of the Lansing Police Department said at a news conference Monday afternoon that Lansing Police and Michigan State Police have worked together throughout the day with the Lansing Board of Water and Light.

The investigation is continuing at this time.

“We have performed checks on the city of Lansing’s IT systems and those are all functioning well, we are obviously being very watchful and also protective of the demilitarized zones that we have up, making sure that our systems are up and functioning as well,” said Chad Gamble, chief operating officer, city of Lansing.

We welcome thoughts and comments from our viewers. We ask that everyone keep their remarks civil and respectful. Postings that contain profanity, racist, or potentially libelous remarks will be deleted. We will delete any commercial postings, as well.

1 thought on “BWL network infected by “ransomware” phishing virus

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s