In a ransomware attack close to home, the Lansing Board of Water & Light (LBPL), a Michigan municipal utility, in May paid a $25,000 ransom to unlock its internal communications systems after they were disabled by a cyberattack.
General Manager Dick Peffley told the Lansing State Journal it cost about $2.4 million to respond to the emergency, including paying for the ransom and technology upgrades to prevent future attacks. He says all but $500,000 of those costs are covered by insurance. He also stated that paying the ransom was necessary.
LBPL was hit with ransomware after an employee opened an email that had a malicious attachment. The ransomware spread, encrypting files on other computers on the internal network. The ransomware shut down accounting system, email service for 250 employees and phone lines, including the customer assistance line for account inquiries and the line for reporting outages. Printers and other technology were also affected.
LBPL described the “virus” as “brand spanking new,” which is why up-to-date antivirus software didn’t quarantine it. The utility company learned that only three antivirus solutions could even detect this variant of crypto-ransomware.
Trent Atkins, LBPL Director of Emergency Management, added, “This was a very sophisticated virus that blew right through a number of our security systems.”
Peffley also said, “In my time at the board of 40 years, I’ve never seen anything like it. Our time keeping, phones, computers, printers, everything that it takes to do the administrative work that the LBPL does right now is shut down.”
LPBL assured customers that “no personal information has been compromised.”
Records acquired through the Freedom of Information Act by the Lansing State Journal from the utility had a multilayered “Cyber Edge” insurance policy with AIG and the Illinois National Insurance Co. at the time of the attack.
Cyber Insurance is a must for any organization, to not only defray costs of a ransomware attack, but to provide expert assistance in updating and rebuilding systems.