Montrose, Colorado-based Delta-Montrose Electric Association (DMEA) should be up and running by the end of this week and completely operational by the end of the year after the utility fell victim to a “sophisticated and malicious” cyber attack in early November.

DMEA Chief Executive, Alyssa Clemsen Roberts confirmed the attack the utility discovered November 7 to the board of directors this past Tuesday (Nov. 30).

“We are a victim of a malicious cyber security attack,” Clemsen Roberts said in a report in the Montrose Daily Press. “In the middle of an investigation, that is as far as I’m willing to go. In the process about 90 percent of our internal controls and systems were corrupted or broken or disabled. And we lost the majority of our historical data for the last 20-25 years. Since then we have been slowly rebuilding our network.”

RELATED STORIES

Clemsen Roberts declined to respond to an attendee’s question on a Zoom conference call asking whether it was specifically a ransomware attack.

While no one is saying this was a direct ransomware attack, however, it is looking like that was the intent as a board member talked about the sophistication of the assault.

“These were very sophisticated people,” DMEA Board Director Bill Patterson said. “ … These hackers, all they want is money.”

In November, the cooperative said there was a “targeted attempt” on its internal network, which took some operations offline, including SmartHub and electronic bill-pay options. DMEA hired an outside organization to conduct an analysis.

The attack affected phones, email, and data such as forms, documents, spreadsheets and historical data. DMEA was unable to take or make payments, but, Clemsen Roberts said the power grid and fiber network were not affected.

The co-op is still dealing with limited functionality of internal systems and working to fully restore the system this week while the investigation continues and DMEA takes “significant measures” to boost network security.

The hope is that operations can fully return to normal by the end of the year, officials said.

“This event will not have an impact on rates,” the presentation document stated.

The proposal and recommendation to the board is that, through the end of January, there will not be disconnects for nonpayment or late fees, plus DMEA will offer three-month payment arrangements similar to the process used during the initial stages of COVID-19.

“What I can tell you right now is we’re still in the investigation. We are still finding things,” Clemsen Roberts said.

Newly seated board member Kevin Williams asked during the Zoom meeting whether any information about members “in terms of addresses and contact information, etc.” was affected.

“We do not believe the customer information system that we have … was accessed at this time. Your address, name and things like that maybe, if it was in an email or something like that, but your personal information about your address, no,” Clemsen Roberts said.


Associated Incidents

  • November 7, 2021: Cyber Attack Damages CO Utility

Associated Malware

No malware identified for this threat actor.

 

Pin It on Pinterest

Scroll to Top