Cucamonga Valley Water District Hit by Ransomware Attack

The Cucamonga Valley Water District (CVWD) is investigating a ransomware attack that paralyzed its phone system earlier this month, preventing customers from making phone payments. The cybersecurity incident, which occurred on August 15, 2024, was resolved on Monday, August 26, enabling the CVWD to accept payments by phone again.

    Cyberattack Disrupts Phone Payment System

    “Our team is working diligently to determine the scope of the event,” the water district said in a statement.

    Impact and Response

    The ransomware attack did not impact the CVWD’s water distribution operations or customer database, which are on separate networks from the phone system. The district serves 190,000 customers within a 47-square-mile area, including approximately 49,000 water connections in Rancho Cucamonga, Upland, Fontana, and Ontario.

    The water district notified federal authorities about the ransomware attack, which caused a “network disruption.” However, they did not identify the hackers or disclose whether a ransom had been paid.

    Previous Cyberattacks

    This is not the first time the CVWD has been targeted by cybercriminals. In 2019, hackers gained unauthorized access to a third-party server used to process customer payments to the CVWD.

    “The 2019 data security incident occurred with one of our vendors and the CVWD system was not impacted,” Grubb said. “We have since terminated our contract with the vendor.”

    Growing Threat to Water Systems

    In March 2024, the federal government warned state governors that foreign hackers are targeting water systems throughout the United States. Specifically, hackers affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC) carried out malicious cyberattacks against critical infrastructure operations, including drinking water systems.

    IRGC hackers targeted and disabled a common type of operational technology at water facilities whose operators had neglected to change a default manufacturer password.

    Additionally, the People’s Republic of China state-sponsored cyber organization, Volt Typhoon, has compromised information technology systems used by multiple drinking water operations.

    “Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” the letter states.

    Ransomware Payment in San Bernardino County

    Elsewhere in the Inland Empire, San Bernardino County acknowledged in May 2024 that it, along with its insurer, paid a $1.1 million ransom to a hacker who uploaded malware to the Sheriff’s Department’s computer system. The cyberattack did not compromise public safety but required deputies to rely on other law enforcement agencies for criminal history checks.

    Importance of Cybersecurity for Critical Infrastructure

    These incidents highlight the growing threat of cyberattacks against critical infrastructure, including water systems. Organizations like the CVWD need to prioritize cybersecurity measures to protect their systems and data. This includes implementing strong passwords, multi-factor authentication, regular security updates, and comprehensive data backup and recovery plans.

    The CVWD’s experience serves as a reminder that even essential services like water distribution are vulnerable to cyberattacks. As these attacks become more sophisticated, it’s crucial for organizations to invest in robust cybersecurity measures to protect their operations and the communities they serve.
