Energy company's website takes ransomware hit from unknown hackers | Insurance Business

The website of Northwest Territories Power Corporation (NTPC) went down last week after hackers managed to disable the site with ransomware.

In a release, NTPC said that it had suffered a “cyberattack from an unknown source,” adding that an investigation into the matter is underway. The energy company also said that there is no timetable for completion of the investigation, and that it has been in communication with both the territorial and federal governments, as well as the federal cybersecurity agency.

NTPC revealed that all electricity systems continue to function, but its email system has been shut down until it can confirm whether it has been compromised by the attack.

Some visitors to NTPC’s website found a text page that said that their files were encrypted by NetWalker.

CBC News reported that a message had been sent to a user in a position to physically shut down NTPC computers. The message advised the user that no shutdown should be attempted, since it could destroy the data contained on the computer. The same message did not mention whether there was a ransom involved, or what it could be, but it did offer to decrypt a single file “for free.”

A spokesperson for NTPC confirmed that the cyberattack was a ransomware attack, but did not say if any ransom had been set. RCMP also confirmed to CBC News that it is aware of the alleged “security breach to website and data, with a local utilities provider.”

Brett Callow, a threat analyst with Emsisoft, explained that the cyberattack must have affected more than the energy company’s website.

“Ransomware generally does what it’s supposed to do: encrypt data,” Callow told CBC News. “In some cases, the encryption is not properly implemented enabling us to crack it, but that’s not the case with NetWalker. It’s secure.”

Callow added that the malicious actors may have been able to access only the server that hosts the website, but there is a possibility that they may have been able to penetrate further.