Ransomware and Energy and Utilities

June 3, 2021  |  Theresa Lanowitz

This is a blog series focused on providing the energy and utility industries with helpful insights and practical information on cybersecurity.


The exponential growth of IoT devices in the energy and utilities industry has greatly increased focus on cybersecurity. Focus on cybersecurity across industries has increased recently, no doubt due to factors like COVID-19 forcing a jump in remote work. In 2020, we saw cybersecurity move from being a technical problem to a business issue. Along with the recognition that businesses really need to lead with a security-first mindset to be resilient, the CISO was elevated to a seat at the proverbial table as a true C-suite leader and trusted board advisor.

Energy and utilities face unique challenges compared to other industries. According to McKinsey:

“In our experience working with utility companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyberthreats. First is an increased number of threats and actors targeting utilities: nation-state actors seeking to cause security and economic dislocation, cybercriminals who understand the economic value represented by this sector, and hacktivists out to publicly register their opposition to utilities’ projects or broad agendas. The second vulnerability is utilities’ expansive and increasing attack surface, arising from their geographic and organizational complexity, including the decentralized nature of many organizations’ cybersecurity leadership. Finally the electric-power and gas sector’s unique interdependencies between physical and cyber infrastructure make companies vulnerable to exploitation, including billing fraud with wireless “smart meters,” the commandeering of operational-technology (OT) systems to stop multiple wind turbines, and even physical destruction.”

Let’s look at one type of common and profitable attack that could impact energy and utility companies – ransomware.

What is ransomware?

Ransomware is exactly as the name implies – something valuable to your business is being kept from you until a ransom is paid for its return. In simple terms, ransomware is extortion.

Ransomware, a form of malicious software, blocks you from accessing your computer systems or files until you pay the cyber adversary to allow you access to your information. The ransom is typically requested in cryptocurrency because of its anonymity and ease of online payment – this translates to no tracing of the origin or destination of the funds, a common tactic of cyber criminals.

Knowingly infecting a system with ransomware and requesting payment to unlock the system is a crime. Law enforcement agencies recommend not paying the ransom associated with ransomware. The thought is that if the ransom is paid, you as the victim of ransomware are then identified as an easy target for further cybercrime and the ransomware attack is perpetuated against others.

Who is the target of ransomware?

Cyber criminals seek the path of least resistance in their targets and strike against businesses that are easy targets. Ransomware is a business and the perpetrators, like any good businessperson, are looking for a strong ROI.

The COVID pandemic proved that cyber criminals are ruthless, show no mercy, and will attack the most essential types of businesses – schools, churches, and hospitals. These cybercriminals follow current events and will launch campaigns tied to events in the news and hope that their target will take their bait and open an infected file, browse an infected web page, or click on a malicious link.

No business is too small to be the target of ransomware. While you may think your business is too small to be on the radar of a cybercriminal, think again. Cyber criminals operate on volume. The more businesses a cybercriminal can get to pay ransom, the more money they make.

How does a company become infected with ransomware?

Just as in movies and TV shows, when your business is infected with ransomware you will get a screen that says something to the effect of “Your files are locked. Send XXXX bitcoin to this address by a specific date. If you do not pay we will delete/release your files.”

This may seem as though it is something from a movie, but unfortunately, this scenario plays out in businesses around the world every day. And ransomware is becoming more common because the cybercriminals are getting better at disguising themselves.

And how did you become infected with ransomware to begin with? It is really quite easy for the cybercriminal to make their way into your business, especially with good disguises such as a realistic-looking email from a reputable company or campaigns that play on emotions.

The cybercriminal may enter through:

  • Email attachments in a phishing campaign, such as a PDF or Word document
  • Email links to malicious websites that when clicked on infect your system
  • Infected websites that through simple navigation to the site may infect your computer with ransomware

Seemingly innocuous tasks such as opening an email, downloading an attachment, or navigating to a website can easily infect you with ransomware.

Why is ransomware used?

Ransomware is used because it works.

An abrupt stop to your business is probably catastrophic. Without access to your digital assets and systems your business cannot move forward, and cybercriminals know this.

Cybercriminals use ransomware because they know it works. The ROI on ransomware makes the attacks worthwhile to the cybercriminal. Most businesses do pay the ransom to avoid a complete stoppage of work.

When should I be on the lookout for a ransomware attack?

Always be aware of ransomware attacks. Once businesses face a complete stoppage from a ransomware attack, cybersecurity is usually taken more seriously. Ransomware is an expensive lesson.

How can energy and utility companies protect themselves from falling prey to ransomware?

You do have to continue with your critically important business. And, protecting your business from ransomware attacks should not force you to go back to analog methods of business. The digital age marches on, even with cybercriminals in our midst.

Some simple ways to protect your company from ransomware attacks include:

  • Email management – ransomware is primarily delivered via phishing. Use a tool or service to prevent phishing.
  • Patch management – ransomware uses known openings in common software such as productivity applications to introduce infected websites. Make sure you are up to date on the software you use and continue to take updates – software is constantly being patched.
  • Anti-malware tools – install these tools across your business to proactively scan for malware and prevent the installation of it on your systems.
  • Backups – Use the 3-2-1 method for backups:
    • 3 – Make three copies of your data – the original and two copies
    • 2 – Use two different storage types for the copies – this minimizes the chance of failure
    • 1 – Keep one copy offsite – this minimizes the impact of natural or geographic catastrophes and means you always have a good clean copy of your data
    • And… back up your most important assets daily.
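
The 3-2-1 rule above can be checked against a backup inventory automatically. The following is an added example, not part of the original post: the record fields, asset names and storage types are constructed for illustration, and it assumes the two storage types are counted across all three copies, the original included.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# One record per stored copy; field names are assumptions for this example.
Copy = namedtuple("Copy", "asset role media offsite taken")
NOW = datetime(2021, 6, 3, 12, 0)  # fixed "current time" so the sample is reproducible

# Constructed sample inventory (asset names and media are hypothetical).
INVENTORY = [
    Copy("billing-db", "original", "san", False, NOW),
    Copy("billing-db", "backup", "nas", False, NOW - timedelta(hours=6)),
    Copy("billing-db", "backup", "tape", True, NOW - timedelta(hours=20)),
    Copy("meter-data", "original", "san", False, NOW),
    Copy("meter-data", "backup", "san", False, NOW - timedelta(days=3)),
]
CRITICAL = {"billing-db", "meter-data"}  # most important assets: back up daily


def check_321(copies, critical, now):
    """Return the list of 3-2-1 violations for one asset's copies."""
    findings = []
    backups = [c for c in copies if c.role == "backup"]
    if len(copies) < 3:  # 3: the original plus two copies
        findings.append(f"only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:  # 2: two different storage types
        findings.append("all copies on one storage type, need 2")
    if not any(c.offsite for c in backups):  # 1: one copy kept offsite
        findings.append("no offsite copy")
    if critical:  # daily backup for the most important assets
        newest = max((c.taken for c in backups), default=None)
        if newest is None or now - newest > timedelta(days=1):
            findings.append("newest backup older than 24 hours")
    return findings


def audit(inventory, critical_assets, now):
    """Group inventory records by asset and check each one against 3-2-1."""
    by_asset = defaultdict(list)
    for rec in inventory:
        by_asset[rec.asset].append(rec)
    return {a: check_321(c, a in critical_assets, now) for a, c in by_asset.items()}


if __name__ == "__main__":
    for asset, findings in audit(INVENTORY, CRITICAL, NOW).items():
        print(asset, "OK" if not findings else "; ".join(findings))
```

An empty findings list means the asset meets every part of the rule; anything else names the part that is missing.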

Ransomware is clearly a reason for the utilities and energy industries to take cybersecurity more seriously. It may mean the industry could create new roles to fill gaps in the business risk and IT departments, drive additional compliance and regulatory requirements and in general increase the budget allocated to cybersecurity.

If your company lacks cybersecurity expertise at this time, you may look at hiring trusted and experienced consultants to help you out.

Take control by proactively making your company a place that cybercriminals do not want to visit.
