Joseph Menn

SAN FRANCISCO (Reuters), – The U.S. authorities announced Thursday that the ransomware attack had affected four wastewater and water facilities over the past year. Similar plants were warned to inspect for any signs and take precautions.

Cybersecurity and infrastructure security agency alerted that there were at least three distinct ransomware strains used in hacking. Ransomware encrypts computers files and asks for payment.

An attack on an unnamed Maine wastewater facility in June and another in California in August paralyzed special supervisory control devices (SCADA), which give mechanical commands.

According to the alert, which was signed by FBI and National Security Agency as well as Environmental Protection Agency, Maine’s system needed to change to manual controls.

Also, a March hacker in Nevada reached SCADA devices. These provided operational visibility, but couldn’t issue commands.

CISA reported that there were increasing attacks against critical infrastructure forms, similar to those at water plants.

Sometimes, low technology spending by municipalities can cause water infrastructures to be handicapped.

Recommendations from the Department of Homeland Security include strict access log audits, and strict use of other authentication factors beyond passwords.