Energy Company Virus Attack

Event Year: 2009
Reliability: Confirmed
Country: Australia
Industry Type: Power and Utilities
Description:

A virus attack on Integral Energy’s computer network forced the company to rebuild all of its 1,000 desktops.  External security experts were called in to rebuild all of the desktop computers to contain and remove the virus.  The malware had not affected the power grid.  Chris Gatford, a security consultant from Hacklabs who had conducted penetration testing on critical infrastructure, said there was often “ineffective segregation” or “more typically none at all” between the IT network and the network that monitors and controls the infrastructure.  However, a spokesperson from Integral Energy stressed that the virus attacks Microsoft products, that the network that controls the grid doesn’t run on Microsoft, and that there was no way the virus could make its way onto the grid.

The virus was the W32.Virut.CF strain, which has been described as “a particularly sinister file infector” that spreads quickly and is considered difficult to remove.  Integral Energy’s computer networks were protected by a Symantec security solution, a source said.  The Symantec website states that the virus installs a back door enabling hackers to issue commands to the infected machines via an internet relay chat (IRC) channel.  According to Gatford, either the antivirus software was not updated in a timely manner on some machines or the Symantec product could not detect the virus.

Integral Energy supplies electricity to Western Sydney and the Illawarra region of New South Wales, distributing electricity to 2.1 million people in NSW.

Impact:

Integral Energy’s computer network was infected with the W32.Virut.CF virus.  All 1,000 of its desktop computers had to be rebuilt.

Action Description: Integral Energy called in a range of experts to help with the virus infection. The company put in place recovery plans to eliminate the virus from its business systems. An investigation is underway to determine the cause of the infection and develop a strategy to minimize risk in the future.