United States


Veolia Municipal Water Division Systems Impacted by Ransomware Attack

January 12, 2024

Veolia North America’s Municipal Water division reported a ransomware attack. After detecting the attack, Veolia has implemented defensive measures, temporarily taking some systems offline to contain the breach. Veolia is now working with law enforcement and third-party forensics experts to assess the extent of the attack’s impact on its operations and systems.

read more

Ransomware Attack at Iowa Water & Electric Utility Company

January 26, 2024

Iowa Electric, Water Utility confirmed that a January ransomware attack at Muscatine Power and Water — providing the Muscatine and Fruitland area with internet, TV, phone, water, and electric services for more than 50,000 people —led to the exposure of sensitive information from nearly all local residents.

The company said internet services on the night of the attack were down for eight hours and business systems were restored over several days. “Additionally, at no time were critical controls systems at the power plant or in the field at risk,” the company explained.

read more

Global Pharmaceutical Co. Cencora Reports Discovery of Data Breach

February 21, 2024

Global pharmaceutical corporation Cencora discovered that intruders had stolen data from its networks. The company said in a regulatory filing that data from IT systems “had been exfiltrated” in an incident that came to light on February 21.

The event “has not had a material impact on the Company’s operations,” Cencora said. The regulatory filing did not specify the nature of the intrusion.

read more

Crinetics Pharmaceuticals Investigating Cyberattack

March 22, 2024

Crinetics , a San Diego pharmaceutical development company, said it is investigating a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen.

The Lockbit gang demanded a $4 million ransom and set a deadline for Mar. 23. Crinetics did not respond to questions about whether they were dealing with a ransomware attack.

read more

FL Boat Builder, MarineMax, Hit in Cyberattack

March 10, 2024

One of the world’s largest recreational boat, yacht, and superyacht builders discovered they suffered a cyberattack earlier this week, but the company’s operations remained up and running.
Clearwater, Florida-based MarineMax Inc. discovered the attack March 10, 2024, saying a third party gained unauthorized access to portions of its information environment and filed an 8-K document with the Securities and Exchange Commission (SEC).
“MarineMax, Inc. determined on March 10, 2024, that it experienced a ‘cybersecurity incident,’ as defined in applicable Securities and Exchange Commission rules, whereby a third party gained unauthorized access to portions of its information environment,” the company said in the filing.

read more

Cyberattack Causes Widespread Disruptions at Pharmacies Across the United States

February 21, 2024

Ransomware attack impacts more than 100 Change Healthcare services, including benefits verification, claims submission, and prior authorization. As soon as the breach was detected, Change Healthcare took the drastic step of disconnecting its systems to prevent further damage. Retail pharmacies, some now forced to revert to manual processing, face delays, sparking concerns among patients relying on timely medication.

The AHA (American Hospital Association) has advised health systems to disconnect from Change Healthcare and Optum services. This breach, reportedly due to hackers exploiting vulnerabilities in the ConnectWise ScreenConnect remote IT platform and using LockBit malware, underscores the vulnerability of consolidated healthcare data systems.

read more

Virun Infection in turbo Control System at US Electric Utility

October 1, 2012

In early October 2012 a power company contacte ICS-CERT to report a virus infection in a turbine control system which impacted approximately ten computers on its control system network. 10 plant PCs were infected by Mariposa malware variant, transmitted through a USB stick. Occurred during scheduled shutdown for maintenance.

read more

Ransomware Attack at AW North Carolina Shuts down Operations for 4 Hours

August 16, 2016

The attack against AWNC started on Aug. 16, 2017, when the company’s information technology (IT) systems were infiltrated by a newer strain of ransomware. This malicious software encrypted the company’s critical data and demanded a ransom to restore access to the affected files. It ultimately shut down production lines for four hours at the 2,200-worker plant. The disruption affected not only AWNC, but also its customers as delays in the delivery of transmission components led to a ripple effect throughout the automotive supply chain.

read more

US Natural Gas Compression Facility Shut Down Entire Pipeline for 2 Days

January 1, 2019

Attackers used spear phishing to gain initial access to the IT network, then pivoted into the OT network due to poor segmentation. Then, they planted ransomware.

The attack did not impact any programmable logic controllers (PLCs) and at no point did the victim lose control of operations. Although the victim’s emergency response plan did not specifically consider cyberattacks, the decision was made to implement a deliberate and controlled shutdown to operations.

read more

KHS Bicycle Shipments Delayed for 2 Days after Cyberattack

February 22, 2020

KHS Bicycles suffered an IT system hack over the weekend. KHS’ vice president, Wayne D. Gray, told BRAIN Tuesday afternoon; “Our B2B site is back up and we are shipping from California today,” and that the company would resume shipping from its Kentucky distribution center on Wednesday.

The company was unable to accept or ship dealer orders Monday and early Tuesday. The company was able to restore its email systems Tuesday and is working with security specialists to restore other systems as soon as possible.

read more