April 25 2016 07:41 AM

Expert says utility most likely will have to pay

EDITOR'S NOTE: This report was updated at 7:00 p.m. to reflect new information related to the cyber attack's impact on BWL customer services.

MONDAY, April 25 — A Michigan State University expert says the Lansing Board of Water & Light is likely going to end up paying the cyber thieves who took control of the utility’s corporate network early this morning.

“If they’ve done everything right, the choice you have is to pay up,” said Associate Professor of Computer Science Richard Enbody. “If the mathematics are correct, you’re not going to crack it.”

BWL officials held a press conference Monday evening to announce that they were working with law enforcement partners from the FBI, Michigan State Police and the Lansing Police Department. They said they had contained the virus to the corporate network and stressed that “no customer data was compromised.”

However, with significant storms rolling into the region this evening, a key function of the BWL has been compromised by the cyber attack -- the customer call center and the BWL outage map. Officials announced a temporary hotline for customers to report outages -- that’s 517-342-1030. To view up-to-date outage information, check bit.ly/bwloutmap.

Shortly after 6 p.m. BWL officials announced the outage hotline had been restored. That number is 1-877-295-5001. Either that number or the temporary hotline number will work this evening in the event of outages, officials said by text.

Officials said they did not have a timeline on when they would have all systems restored, and declined to discuss the investigation.

Trent Atkins, the emergency services director for BWL, did say the virus hit hard.

“This was a very sophisticated virus that blew right through,” Atkins said.

But Enbody didn’t rule out the possibility that BWL and law enforcement computer experts can break the malware controlling the computer systems.

“It’s humans doing it, so there can be flaws.”

The BWL’s corporate computer network was seized by a form of malware called “ransomware” this morning, according to officials there. The virus was delivered to the utility’s system through an email. That method is referred to as “phishing,” said Enbody.

Enbody said once someone clicks on the link, it takes them to a website which automatically downloads a virus which encrypts the data on the computer or computer network. When a business or an individual pays the ransom, the hijacker provides an encryption key to free that data.

The good news? The ransom required to obtain the encryption key may not be that expensive, he said. Individuals are often targeted for $1,000 or less to unlock their computers, while corporations are charged a “modest amount.”

He pointed to the case of Hollywood Presbyterian Medical Center, which paid a hacker $17,000 in March to regain control of its systems. At least two other hospitals have been hit with ransomware attacks since then, according to NBC News.

Ransomware can be avoided, Enbody said.

“Phishing is very effective,” he said. “It’s really only ongoing education which will prevent you from doing it.”

He has a word of advice: Don’t click that email link, “especially if it’s from a friend.”
