Skip to content ↓ | Skip to navigation ↓

A municipal utility in Michigan reported it fell victim to a ransomware attack last week after an employee opened a malicious attachment received via email.

According to reports, the ransomware encrypted the employee’s files and spread to other computers on the same internal network.

The attack forced Lansing Board of Water & Light (BWL) to shut down its accounting system, email service for approximately 250 employees, and phone lines, including a customer assistance line and the line for reporting outages.

BWL officials assured neither customer nor employee personal information was compromised in the attack.

In a FAQ posted to the company’s Twitter account on May 2, the company noted:

“Based on everything we know now, no credit card information was involved in this incident. Customer credit card information is processed by a third party vendor independent of BWL’s IT systems.”

BWL General Manager Dick Peffley told the Lansing State Journal the virus was “brand spanking new,” which is why its up-to-date antivirus software failed to detect it.

Upon further investigation, the utility company learned only three antivirus solutions could detect the ransomware variant.

“This was a very sophisticated virus that blew right through a number of our security systems,” said Trent Atkins, Director of Emergency Management for BWL.

“In my time at the board of 40 years, I’ve never seen anything of this magnitude,” Peffley added.

As of May 2, BWL’s customer service lines have been restored but other systems have yet to return to normal.

The FBI and local law enforcement agencies, including the Michigan State Police Computer Crimes Task Force, are working with BWL to investigate the attack and retrieve the data.