Elexon, a UK Power Grid Balancing, and Settlement Code (BSC) company are reported to have been hit by a ransomware attack which disrupted some of its operations. However, as the impact did not hit the power supply chain none of the customers were affected.
Balancing and Settlement Code is nothing but the legal terms which are written between the supplier and consumer and is governed by a private body like Elexon in Great Britain. In simple words, the company keeps an account of generated power and the consumed units and calculates the tariff rates and transfers related funds to & fro accordingly.
Highly placed sources say that only the internal IT systems of the said BSC company were hit by the malware attack and has infected email operations among the staff members. It took almost 4 hours for the staff to identify the cause of the disruption and contained it by shutting down the network.
But a Cyber Threat Intelligence company named Bad Packets says that Elexon was running an outdated enterprise-level SSLVPN version related to Pulse Secure and so the hackers exploited it to induce ransomware which is yet to be determined.
Note 1- Since 2017 hackers are seen targeting the critical infrastructure of countries and this includes electrical grids and water utilities. And the suspicion is pointing strongly towards Kremlin and Beijing with North Korea acting as a second suspect.
Note 2- In 2018, Ciaran Martin the CEO of the National Cyber Security Center has already warned UK companies operating in Telecom, media, and energy sectors to bolster their defenses against cyber attacks.