author photo
By Bruce Sussman
Wed | Oct 17, 2018 | 10:23 AM PDT

"We are in the middle of another disaster, following Hurricane Florence and Tropical Storm Michael."

By "another disaster," Jeffrey Hudson means a ransomware attack on the network of the storm-ravaged water utility he runs.

Hudson is the CEO of ONWASA, the Onslow Water and Sewer Authority in Jacksonville, North Carolina.

The water utility was already busy tracking boil water orders and other impacts of being hit by back-to-back storms. And now this.

"The city of Atlanta was attacked in 2018, Mecklenburg County, North Carolina, was attacked in December 2017. And we were attacked Saturday morning at 3 a.m. Criminals entered our computer system."

It was 3 a.m. on October 15th when an ongoing EMOTET virus attack suddenly launched another virus, known as RYUK, which began quickly encrypting files across the utility company's servers.

[Related: RYUK ransomware nets $680,000 in summer 2018]

There actually was an IT technician on duty at the time, who saw what was happening and started disconnecting things and cutting off ONWASA's network from the internet.

Ransom demand for hurricane ravaged utility

The CEO says the utility company has received a demand to pay the equivalent of a $5,000 ransom. But in a passionate "live on Facebook" staff meeting, he said there is NO way the utility will pay the ransom.

"Do you bow your head, weakly, and say we'll pay you and risk another attack? Or do you look 'em in the eye and say we're Americans, we're North Carolinians, and by golly, we'll survive this too. That's what we say. That's what we're telling the cybercriminals and the world."

Read the ransomware statement from the utility, or watch the Facebook Live announcement:


The utility says it will have to rebuild a number of databases from scratch, email is not usable, and water and treatment plants are being run manually for now. However, it also says there is no safety risk for customers as a result of the attack.

One other thing is also clear: Hackers truly "kicked someone when they were down" in this ransomware attack.

[Cover image credit: @Astro_Alex]