14 DAY TRIAL // The Lansing Board of Water & Light (BWL) announced last week a cyber-attack that partially shut down some of its services following what looks like an unconfirmed ransomware incident.
The infection took place on Monday, April 25, at around 5 AM after a BWL employee had opened a file attachment received via email. The virus encrypted the employee's files but also spread to other computers on the same network.
BWL officials say their antivirus solution was not able to pick up the threat. In a statement to the Lansing State Journal, officials admitted the virus was "brand spanking new," and that, during their subsequent investigation, they found out that only three antivirus solutions were able to detect it. Officials later added that they also upgraded their antivirus solution to one of these three.
Some BWL services had to be shut down
The virus, which shows the behavior of a classic crypto-ransomware infection, caused BWL officials to close down some services. The city-owned utility company had to shut down their internal network and email service used by around 250 employees.
Additionally, a customer assistance phone line had to be shut down for the time being because of the infection. Customers used the phone line for inquiries about their accounts.
BWL officials said that no customer data was encrypted during the incident, but they decided to suspend any power and water shutoffs until the situation clears up.
Water and lighting services remained operational
Lansing city officials explained that the utility provider did not stop water and lighting supply for its customers because of this incident. Customers can still use the company's lbwl.com website for bill payments, turn-on requests, and other inquiries.
BWL says that the rest of its phone lines are working and that its service center located in another building has remained operational.
The utility provider also informed local Lansing (Michigan, USA) police and the FBI about the incident. The company claims this is the first time it has faced a ransomware infection and that previously it only had its website hacked for a few hours.