Israeli Electric Authority Hit by ‘Severe Cyber Attack,’ Likely Ransomware

Israel’s Electric Authority was hit by what officials are calling a “severe cyber attack.” Conflicting reports argue the agency was hit by ransomware.

Earlier this week Israel’s Electric Authority mitigated what officials there are calling a “severe cyber attack.”

The Electric Authority is in charge of regulating and overseeing the distribution of electricity in Israel.

The State of Israel’s National Infrastructure, Energy and Water Resources Minister Yuval Steinitz disclosed the incident, calling it a virus Tuesday, during closing remarks at the Cybertech Conference in Tel Aviv.

Details around the incident are a little hazy. Some reports are contesting the attack, insisting the agency was hit by ransomware instead.

According to Steinitz, the incident occurred on Monday, coinciding with rapidly plunging temperatures across Israel. The Minister claims as a result of the attack workers at the Authority powered down parts of the system to prevent the virus from spreading after it struck their computer network on Monday.

According to Haaretz, Israel’s oldest newspaper, Steinitz told a thinning crowd that Authority had the “right software” to tackle the issue.

“The virus was already identified and the right software was already prepared to neutralize it,” Steinitz told the crowd, “We had to paralyze many of the computers of the Israeli electricity authorities. We are handling the situation and I hope that soon, this very serious event will be over.”

According to The Times of Israel he claims the event was “a fresh example of the sensitivity of infrastructure to cyberattacks, and the importance of preparing ourselves in order to defend ourselves against such attacks.”

Conflicting reports on Wednesday argue the Authority wasn’t hit by an attack per se, but by ransomware.

Some reports, including one from the Israeli news site Ynet, states the Authority wasn’t hit by an attack, but instead with malware that prevented access to data “in exchange for ransom.” The article claims the malware locked computers, spread to others on the corporate computer network, and that as of Wednesday afternoon, Israel Standard Time, many machines were still “paralyzed.”

The article cites an unnamed government source, who expressed disbelief the Authority’s networks weren’t properly secured.

“It’s just unbelievable the authority’s computer system was not properly protected.”

The Israeli National Cyber Defense Authority warned last summer the State could be targeted by cyber attacks and that security officials should “prepare for any possible scenario.”

A report in The Media Line on Wednesday talked to Yosi Shneck, SVP of Information & Communication at Israel Electric Corporation, a power supplier in Israel separate from Israel’s Electric Authority. Shneck claims ransomware has hit the IEC’s systems “in recent months” and that his faces “between 4 to 20 million” cyber events in an average month and that he “maybe” knows where the malware originated from, but can’t officially say.

Regardless of whether it’s an attack or ransomware, details around the incident remain scant. It’s unclear who’s behind the malware, or triggered the attack. Steinitz claims there are no suspects and that the National Infrastructure, Energy and Water Resources Ministry and Israel’s National Cyber Bureau are investigating the incident however.

The incident is the latest to affect a nation’s electricity infrastructure.

A cyber attack hit Western Ukraine power company Prykarpattyaoblenergo last month, leaving hundreds of thousands of residents in the Ivano-Frankivisk region in the dark.

Attackers peddling BlackEnergy malware have demonstrated an affinity for targeting power facilities, generation operators, and power sites in the past and are believed to have had a hand in the attack.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.