Ameren Missouri Equipment Supplier Targeted In Ransomware Attack
“The attack techniques evolve literally on a day-to-day basis.”
Ransomware attackers have stolen data from a third-party vendor that supplies utility equipment to Ameren Missouri power plants.
Dozens of data files from Ohio-based LTI Power Systems appeared on a ransomware server in late February, including equipment diagrams and schematics from two Ameren Missouri facilities. No customer information appears to have been involved in the data breach.
St. Louis Public Radio obtained copies of the data files, which span from 1996 to 2017, and involve the Ameren Sioux Power Plant in West Alton and the Labadie Power Plant.
The files include detailed schematics of uninterruptible power supply equipment, used to provide temporary backup power during outages.
Joe Scherrer, director of the Cybersecurity Strategic Initiative at Washington University, said this type of intellectual property can be a valuable commodity in the cybercriminal marketplace.
“This particular incident is, in my view, all about the theft of intellectual property and making it available for sale to nation-states or other companies,” Scherrer said.
This type of data breach has become increasingly common across a wide range of sectors.
According to the cybersecurity company Emsisoft, ransomware attackers targeted 966 government agencies, schools and health care providers in 2019, at an estimated cost of $7.5 billion.
Many companies have strengthened their cybersecurity in recent years and trained employees to recognize phishing scams — one of the most common ways ransomware attacks gain access to internal systems.
Still, ensuring the security of third-party vendors remains a challenge, said Scherrer, particularly as attacks become more sophisticated.
“The attack techniques evolve literally on a day-to-day basis,” he said. “They’re approaching this as a business, as a revenue generator, so they’re going to adapt their techniques and procedures to maximize their returns.”
A spokesperson for Ameren Missouri said the company was investigating the data breach but added that it has “no reason to believe that the information obtained is confidential or critical to our operations.”
“In some cases, standard schematics or drawings are shared with equipment suppliers to support the procurement of certain assets,” the spokesperson said in an email. “But these do not contain classified or confidential information.”