Colorado Electrical Utility Recovering From Cyberattack

Colorado’s Delta-Montrose Electric Association (DMEA) disclosed that they are struggling to recover from a devastating cyberattack that took down 90% of their internal systems including payment and billing systems, and caused 25 years of historic data to be permanently lost. In an update sent to customers this week, the company said it expects to be able to resume accepting payments during the week of December 6. DMEA did not use the term “ransomware” but said much of their data had been corrupted and their phone and email services were unavailable for several weeks, which indicates that the attack was comprehensive.

Whether data is recovered from backup or recovered by using a decryption key purchased from criminals, the time to recover for something as significant as a public utility can be extensive. External auditing of security and disaster recovery can help set expectations and improve communication following a worst case scenario event like this one. DMEA has suspended disconnects in an effort to preserve services for the people their utility serves, but a disruption like this one can have far reaching effects.

Ransomware is a special type of malware that seeks to encrypt critical data and subsequently offer the decryption key for sale. In some cases, attackers exploit configuration and software vulnerabilities, however usually the encryption software is executed by someone inside the target organization with security privileges. Research suggests that more than 75% of ransomware attacks are executed by nation states or organized crime.