Cyberattack Disrupts American Water - Largest Water Utility in the US

Date:

October 8, 2024


American Water, the largest regulated water and wastewater utility in the United States, disclosed on Monday that it fell victim to a cyberattack.  

The company, which serves over 14 million people across 14 states and operates on 18 military installations, said it discovered the unauthorized activity last Thursday and took immediate action, including pausing its billing systems.  

“In an effort to protect our customers’ data and to prevent any further harm to our environment, we disconnected or deactivated certain systems,” said Ruben Rodriguez, a spokesperson for American Water, TechRadar reports.

Although American Water clarified that its water and wastewater operations were not impacted, the company noted that it is cooperating with law enforcement and conducting a thorough investigation.  

“The Company has taken and will continue to take steps to protect its systems and data,” American Water stated in its official 8-K filing, without disclosing the exact systems that were deactivated or the duration of the downtime.

Rodriguez added that customers will not face late fees while the company’s systems remain unavailable. While American Water has not confirmed whether the incident involved ransomware, the shutdown of parts of its network is consistent with typical responses to such attacks.  

Takeaway: Nation-state actors have always viewed critical infrastructure as a high-value target, which raises the question of how much overlap exists between traditional cybercrime and state-sponsored attacks.

It’s evident that many cybercriminal groups, while appearing financially motivated, may be influenced or even directed by state entities to target sectors that align with geopolitical goals.

This strategic targeting provides these actors with plausible deniability, complicating efforts to attribute attacks directly to a nation-state.

The dual nature of modern ransomware attacks should not be underestimated. What may seem like profit-driven cybercrime often advances the interests of adversarial nations such as Russia, Iran, China, and North Korea.

The inherent ambiguity around attributing these attacks provides these states with the cover to deny involvement while benefiting from disruptions to U.S. critical infrastructure.

Ransomware operators aim to maximize their profits through high-impact attacks, but they are acutely aware of the risks involved. Pushing too far can provoke a disproportionate response from targeted nations, escalating beyond the bounds of traditional cybercrime.  

Thus, when attacks on critical infrastructure make headlines and endanger lives, we must consider whether there’s a strategic motive beyond financial gain.

Attacks that disrupt essential services, create public fear, and undermine confidence in government institutions may give operators more leverage to increase ransom demands, but they also introduce significant geopolitical risk.

The high level of investment and sophistication required for these operations suggests that financial gain may not be the sole motivation.  

If that were the case, attackers would likely focus on safer targets to avoid triggering responses beyond conventional law enforcement, thereby minimizing the risk of drawing unwanted scrutiny to themselves and the nations that may be sheltering them.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.