The Ransomware Files, Episode 3: Critical Infrastructure
The Hampton Roads Sanitation District Fought Off the Ryuk Ransomware
When Roger Caslow, CISO of the Hampton Roads Sanitation District, realized his organization was under a ransomware attack, he gave the order.
"I immediately told my engineers: 'Go downstairs and disconnect everything,'" Caslow says. "This is a hard disconnect. Everything is hard - pull plugs, pull plugs, pull plugs."
The district, which serves 1.7 million people in eastern Virginia, was infected with the Ryuk ransomware in November 2020. Fortunately, its operational technology systems were unaffected because they were properly segregated from its information technology environment.
But the attack took out many of its Windows computers, hampering its email, billing systems and more. HRSD is just one of several water and wastewater facilities that have been hit by ransomware over the past two years.
Experts fear that if the baseline cybersecurity doesn't improve at such facilities, more attacks could come. Think tanks and the U.S. federal government are studying ways to strengthen the defenses of this critical infrastructure sector.
In this episode of "The Ransomware Files," HRSD executives explain how the organization recovered from Ryuk. With the aid of its cyber insurance policy, HRSD was back up on its feet in around three weeks. And it continued to improve its cybersecurity defenses, including more rigorous separation of OT and IT, stronger access controls and better backups.
"The Ransomware Files" is an intermittent podcast miniseries available on Spotify, Apple Podcasts, Google, Audible, Stitcher and more. I'm speaking with those who have navigated their way through a ransomware incident to learn how they fought back and what tips they can pass on to others. No ransomware infection is ever welcomed. But there's invaluable knowledge gained. There should be no shame in getting infected, and it's important to share the lessons.
If you enjoyed this episode of "The Ransomware Files," please share it on your social media platform of choice. If you would like to participate in this project and tell the information security community about your organization's brush with ransomware, please get in touch at firstname.lastname@example.org or direct message me here on Twitter. I'm looking for other people, organizations and companies that can share their unique experiences for the benefit of all until ransomware, hopefully, becomes a thing of the past.
Speakers: Ted Henifin, General Manager, HRSD; Roger Caslow, CISO, HRSD; Leila Rice, Director of Communications, HRSD; Anisea Burl, Accounts Payable Supervisor, HRSD; Mark Montgomery, Senior Director, Center on Cyber and Technology Innovation, Foundation for Defense of Democracies; James Cratty, Acting Regional Director, Cybersecurity Infrastructure and Security Agency, Region 3; Jeremy Kirk, Executive Editor, Information Security Media Group.
"The Ransomware Files" theme song and "Be at Peace" by Chris Gilbert/© Ordinary Weirdos Music.