"A recent ransomware cyberattack caused a natural gas company to shut down a pipeline for two days, according to an alert from the Department of Homeland Security.
DHS's Cybersecurity and Infrastructure Security Agency (CISA) said yesterday it responded to the incident, but the agency did not say where or when the attack occurred. The technical document marks the first time the U.S. government has publicly reported a disruptive hack of U.S. pipeline networks.
The unspecified "threat actor" behind the attack breached the facility's network in a malicious link sent in an email, according to CISA. The malware first infected the information technology network before spreading to the operational technology network in a natural gas compression station. The hackers then triggered the ransomware, which encrypted data and blocked systems from running properly.
The operators of the facility chose to shut down a "pipeline asset" for two days, "resulting in a loss of productivity and revenue," DHS said. The hackers were able to get into the OT networks due the operators not properly dividing it from the IT systems, CISA said."