A Ransomware Attack Shut a US Natural Gas Plant and Its Pipelines

Long-time Slashdot reader Garabito writes: The Department of Homeland Security has revealed that an unnamed U.S. natural gas compression facility was forced to shut down operations for two days after becoming infected with ransomware.

The plant was targeted with a phishing e-mail, that allowed the attacker to access its IT network and then pivot to its Operational Technology (OT) control network, where it compromised Windows PCs used as human machine interface, data historians and polling servers, which led the plant operator to shut it down along with other assets that depended on it, including pipelines.

According to the DHS CISA report, the victim failed to implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks.