natural gas pipeline

Natural Gas Pipeline Operator Shut Down Due To Ransomware Attack, DHS Reports

Through a “spearphishing link” sent to staff at the facility, hackers were able to deploy ransomware on the operational network, leading to a two-day shutdown.

A major U.S.-based natural gas compression facility was hit with a ransomware attack, causing the pipeline operator to shut down operations for two days, according to a new security advisory issued this week by the Department of Homeland Security.

The advisory, published by the Cybersecurity and Infrastructure Security Agency, said that a hacker was able to gain access to the facility’s operational (OT) network by using a “spearphishing link to obtain initial access to the organization’s information technology (IT) network.”

Hypothetically, IT and OT networks should not be connected, as OT networks are “workstations for managing critical factory equipment and other factory operations,” ZDNet reported. But in this case, the unnamed company did not have those security protections in place.

The attacker was able to deploy commodity ransomware to encrypt data on both the IT and OT networks at the same time before demanding a ransom payment, according to the advisory. The CISA report did not name the natural gas compression company, nor specify when the attack took place. Advisories are usually released as case studies for organizations facing similar threats, featuring tips from CISA on how other facilities can learn from the incident.

“At no time did the threat actor obtain the ability to control or manipulate operations,” the advisory notes. “Although the direct operational impact of the cyberattack was limited to one control facility, geographically distinct compression facilities also had to halt operations because of pipeline transmission dependencies.”

That dependency led to a shutdown for approximately two days. The victim facility’s emergency response plans were not focused on cybersecurity but rather on physical safety.

“The victim cited gaps in cybersecurity knowledge and the wide range of possible scenarios as reasons for failing to adequately incorporate cybersecurity into emergency response planning,” the advisory reads.

Operators are advised to ensure that their emergency response plans include cyber attacks and their varied consequences, including loss of control of their systems and loss of safety. Employees should be equipped with the knowledge and training they need to make quick decisions in the face of a ransomware attack.

While the victim facility in this case was able to obtain replacement equipment and facilitate the data recovery process through last-known-good configurations, other organizations should also consider having the ability to “fail over to alternate control systems,” according to CISA. Manual operation should be possible in the case of a cyber attack, the agency said.

Ransomware attacks hit at least over 200,000 organizations last year, and the average ransom demanded rose dramatically at the end of 2019, according to data obtained by The New York Times. Many organizations and companies do not report the attacks to the FBI or law enforcement agencies, making it more difficult to track the rapid increase in ransomware attacks.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • UK’s NHS Hospital Transforms Security with Edge-processing Camera System

    i-PRO Co., Ltd.,(formerly Panasonic Security), a manufacturer of edge computing cameras for security and public safety, recently announced that a leading teaching hospital in Northeast England, has enhanced its security infrastructure with i-PRO X-Series cameras integrated with Milestone’s XProtect Video Management Software (VMS). Read Now

  • Gun Violence Report Finds Retail Spaces, K-12 Schools Most Targeted

    ZeroEyes, the creators of the only AI-based gun detection video analytics platform that holds the U.S. Department of Homeland Security SAFETY Act Designation, today announced the release of its annual Gun Violence Report, offering a deep dive into the landscape of gun-related incidents across the United States. This analysis extends beyond mass fatality events, providing a more nuanced understanding of when, where, and why shootings occur. Read Now

  • Agentic AI Will Revolutionize Cybercrime in 2025 According to New Report

    Malwarebytes, a provider in real-time cyber protection, recently released its 2025 State of Malware report, which reveals insight into the emergence of agentic artificial intelligence (AI), plus the year’s most prominent threats and cybercrime tactics. The report details a significant uptick in the number of known ransomware attacks, the total value of ransoms paid in 2024, and how IT teams can address them. Read Now

  • ESX 2025 Announces Expanded Schedule of Events

    ESX has announced its dynamic 2025 schedule, set to provide an unparalleled experience for professionals in the electronic security and life safety industry. Taking place June 16-19 at the Cobb Galleria Centre, this year’s event features an expanded lineup of educational sessions, hands-on workshops, inspiring main stage speakers, networking opportunities, and an engaging expo floor showcasing the latest technology. Read Now

New Products

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”