Ransomware attack hits a Summit County water district
Mountain Regional official: No threat to public safety, personal data
The screen went unexpectedly blank on a Mountain Regional Water District computer late last month, the usual backdrop replaced with instructions about how to negotiate with the hackers who had broken into the district’s system.
“We had a ransomware attack,” said Scott Morrison, the district’s general manager. “We had some of our hardware encrypted, basically.”
Mountain Regional is governed by the Summit County Council and it supplies drinking water to much of the Snyderville Basin. Morrison said in a recent interview with The Park Record that the attack at no point threatened public health or safety, nor did it gain access to private customer data or credit card information.
Morrison said the FBI and the Department of Homeland Security are investigating the incident and attempting to recover the data.
Spokespeople from both agencies declined to comment on the attack.
Morrison said the data remains inaccessible, encrypted by the hackers on machines that are removed from the district’s broader network. He said the lost data does not affect the district’s ability to deliver water.
Morrison said he was limited in the details he could discuss, citing the ongoing investigation. Mountain Regional is not the only water district to be targeted in recent months. In February, for example, hackers briefly directed a small water system in Florida to add 100 times the amount of lye to the water than is normally used to treat the water. Lye can be harmful if large quantities are ingested.
It’s an incident Morrison said he knew well.
“It’s scary, certainly. I’m very familiar with it,” he said. “We have additional layers of protection. For someone to get control of our system, there were additional layers of security they needed to get through that thankfully they did not.”
He said the district knows how the hackers gained access to the system, though he would not say how it happened, and that officials have taken steps to block a future incursion.
Ransomware attacks have received increased attention in recent months, with the hijacking earlier this year of an oil pipeline resulting in gas shortages across the Southeast and a multimillion dollar ransom payment.
The attacks generally involve infiltrating a system, encrypting data so that its owner can no longer use it and then demanding payment to restore it. Sometimes the hackers threaten to delete, leak or sell the data, according to the U.S. Cybersecurity and Infrastructure Security Agency.
Morrison did not say how much money the hackers requested to return the data.
“Thankfully, we’re not in a position where we had to pay it, and we just severed that equipment (from the system),” he said.
Summit County Manager Tom Fisher said the county has insurance against cyber attacks, though he indicated the cost might continue to rise as attacks become more common. And insurance can’t replace other damage done or data lost in an attack.
“It doesn’t make it better when it happens to have insurance,” he told the County Council earlier this month.
Morrison said the district received support from Summit County and federal officials, and that the district’s information technology staffers acted quickly to stop the attack.
“One of our IT consultants knew exactly who to call,” he said. “We felt like we mitigated the impacts very quickly, got in touch with the right people. I’m thankful we learned of it and reacted as quickly as we did.”
He said the district has in recent years made efforts to bolster its cyber defenses, not in reaction to a specific incident, but as the industry has been forced to confront the threat.
“We’ve been working on improving our defenses in this way, really it’s been an ongoing effort,” he said. “Even a few years ago, before these ransomware attacks became more prevalent, we were putting in the protections to avoid any sort of widespread impacts to our network.”
He said his responsibilities as the district’s general manager have grown in recent years to make sure the district is protected.
“If you think nationally, we’re a small utility,” he said. “If these perpetrators are coming after utilities like us, I think it just shows that all managers and leaders need to be on high alert.”
The coronavirus figures are lower than what health officials saw late last year but still higher than what’s been reported thus far in 2023.
Support Local Journalism
Support Local Journalism
Readers around Park City and Summit County make the Park Record's work possible. Your financial contribution supports our efforts to deliver quality, locally relevant journalism.
Now more than ever, your support is critical to help us keep our community informed about the evolving coronavirus pandemic and the impact it is having locally. Every contribution, however large or small, will make a difference.
Each donation will be used exclusively for the development and creation of increased news coverage.