Ransomware hits computer networks of North Carolina water utility

The utility has vowed not to pay a ransom for the attack, which will force the company to rebuild its computer systems.
verizon 2018 DBIR

A North Carolina water utility has been infected by ransomware in a breach the company says has forced customer-service functions offline and will require it to rebuild its computing infrastructure.

Jacksonville, North Carolina-based Onslow Water and Sewer Authority (ONWASA) said in a statement that it was hit by the Ryuk ransomware virus in the middle of the night on Saturday. That followed the spread of the “polymorphic” EMOTET malware through the utility’s networks beginning Oct. 4, according to the statement, in a pair of infections that overwhelmed IT personnel. The attack has left the utility operating with limited computer capabilities, with workers setting up accounts and fulfilling service orders manually.

“We experienced a catastrophic loss inside our computer network,” ONWASA CEO Jeffrey Hudson said in a video posted to the utility’s Facebook page.

Customer information wasn’t compromised, and the incident does not affect the safety of the water supply, the utility emphasized. Customer information is stored offsite in a vendor’s cloud computing system, the statement said.


The ransomware attack will not interrupt water and wastewater service to homes and business, ONWASA said. The utility serves about 150,000 people, Hudson told CyberScoop in an email.

ONWASA said “cyber criminals” had carried out the attack on the utility’s servers and personal computers, and that the utility had received one email from the criminals, “who may be based in a foreign country.” ONWASA vowed not to pay any ransom and to instead “undertake the painstaking process of rebuilding its databases and computer systems from the ground up.”

The utility is working with the FBI, the Department of Homeland Security, North Carolina state authorities, and several cybersecurity companies to respond to the ransomware infection, ONWASA said. An FBI spokesperson confirmed the bureau is investigating the incident.

The North Carolina utility said the incident is similar to another ransomware attack on official county computer systems in Mecklenburg County, North Carolina, last year. Officials in that case also opted not to pay the ransom, and to instead rebuild their computer networks.

ONWASA’s press release said that hackers had “specifically targeted” the utility in the wake of Hurricane Florence. Last month the storm ripped through Jacksonville, a city of 70,000 near North Carolina’s Atlantic coast, pummeling a local high school. As Florence made landfall, state officials had warned that cybercriminals could try to exploit victims of the hurricane or those trying to aid the victims.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts