Cyberattack Targets US-Canada Water Commission: Ransomware Group Claims Data Theft
In a concerning turn of events, the International Joint Commission (IJC), responsible for managing the lake and river systems along the U.S.-Canada border for a century, recently fell victim to a cyberattack. Reports emerged suggesting that a ransomware gang had successfully breached the organization’s security, claiming to have stolen a significant amount of data.
Details of the Cyberattack:
The IJC, guided by the 1909 Boundary Waters Treaty signed by both nations, plays a crucial role in approving projects that impact water levels and flows across the border. Additionally, it investigates transboundary issues and offers solutions to address them. On Monday, a group known as “NoEscape” ransomware gang proudly announced their cyberattack on the IJC. According to their claims, they successfully exfiltrated 80 gigabytes of sensitive data, including contracts, geological files, and conflict of interest forms. As is typical with such attacks, the group demanded a ransom from the IJC, providing them with a 10-day window to respond. However, the exact amount they sought to unlock the stolen files was not disclosed.
IJC's Response:
As news of the cyberattack spread, the IJC confirmed that it was indeed dealing with a cybersecurity incident. While the organization acknowledged the issue, they refrained from providing detailed information about whether law enforcement had been alerted or if the attack was affecting their operations. A spokesperson for the IJC stated, “The International Joint Commission has experienced a cyber security incident. The organization is taking measures to investigate and resolve the situation.” Notably, they did not comment on whether they would consider paying a ransom.
NoEscape's Cybercrime Streak:
The NoEscape ransomware gang has been making headlines since its emergence in May. They have claimed responsibility for several high-profile attacks on organizations worldwide, including Germany’s bar association, Hawaiʻi Community College, Australian companies, a Belgian hospital, and multiple manufacturing companies in the United States and the Netherlands.
Cybersecurity in Water Management:
The IJC’s cyberattack underscores a growing concern in the realm of water management, where organizations are increasingly becoming targets for cybercriminals. In recent months, the industry has witnessed a heightened focus on cybersecurity regulation. This includes ongoing legal disputes between state lawmakers and federal regulators regarding rules set by the Environmental Protection Agency (EPA) in March, which introduced cybersecurity assessments into annual state audits of public water systems.
CISA's Response:
As the water industry faces these threats, the Cybersecurity and Infrastructure Security Agency (CISA) has stepped in to offer assistance. This week, CISA announced that it would provide free vulnerability scanning services to drinking water and wastewater systems. These weekly automated scans aim to identify known vulnerabilities in internet-accessible assets, offering regular reports, comparisons, and suggestions for mitigation.
In a statement, CISA emphasized the importance of securing these vital systems, saying, “Drinking water and wastewater systems are vital for our community’s wellbeing. But they’re not immune to cyberattacks.”
As investigations into the IJC cyberattack continue and the threat landscape evolves, cybersecurity remains a paramount concern for organizations managing critical infrastructure, including water systems. Vigilance, preparedness, and collaboration with cybersecurity agencies like CISA are key components in defending against such threats.