Blew Bayou Chemical Company announced that it had shut down
its Shreveport, LA facility due to a ransomware attack on a control system at
the facility. Only one storage tank safety system is currently affected, but
the decision was made to shut down the entire plant as a precautionary measure.
The Federal Bureau of Inquiry and the ECS-CERT are conducting a joint
investigation.
Johnathan Quest, FBI spokesperson, told reporters that since
the facility is considered critical infrastructure, a ransomware attack is
considered to be a federal crime. “We are working closely with ECS-CERT and the
facility owners to determine who is behind this attack,” Quest said.
Immanuel C. Securitage, ECS-CERT spokesperson, confirmed that
it had investigators onsite.
Issac B Kaghun, CEO of Blew Bayou Chemical, told reporters
that the company became aware of the problem when a screen for the safety
control system for the styrene monomer tank turned red and an announcement was
printed on the screen that said a ransom would have to be paid to regain
control of the system. The attackers asked for a ransom of 100 bitcoin for the
return of control of the system.
Securitage told reporters: “The screen claimed that the
safety PLC for the system was under the control of ‘ĀnquánShújīn’, Chinese for ‘safety
ransom’. We have never seen this type of ransomware before.”
An investigator from Dragonfire Cyber working with the ECS-CERT
team, speaking anonymously, said that, instead of encrypting files as is seen in
most normal ransomware, the AS ransomware reprogrammed the PLC to shut down all
sensors and valve controllers associated with the system.
Securitage confirmed that the company had removed the
affected PLC from the system and replaced it with a preprogrammed substitute
that was kept on hand for emergency situations. “The replacement worked
properly for about five minutes and then it was corrupted as well,” he
explained. “That caused us to assume that there was some sort of worm in the
system that caused the reinfection. We recommended that the company undertake
a shutdown of all control systems pending further investigations.”
The company is currently running all safety systems in
manual mode.