Israel's Electricity Authority has been hit by a ransomware attack that paralysed some computers for more than two days, leading to fears that Israel's electrical grid had been hacked and taken down.
On 26 January, Yuval Steinitz, Israel's minister of infrastructure, energy and water, told attendees at the CyberTech 2016 security conference in Tel Aviv that Israel's electricity authority had been hit by a severe cyberattack on 25 January.
"Yesterday we identified one of the largest cyberattacks that we have experienced. The virus was already identified and the right software was already prepared to neutralise it. We had to paralyse many of the computers of the Israeli electricity authorities. We are handling the situation and I hope that soon, this very serious event will be over... but as of now, computer systems are still not working as they should," said Steinitz, according to the Times of Israel.
"We need cybertech to prevent such attacks. Cyberattacks on infrastructure can paralyse power stations and the whole energy supply chain from natural gas, oil and petrol to water systems and can additionally cause fatalities. Terrorist organisations such as Daesh, Hezbollah, Hamas and Al Qaeda have realised that they can cause enormous damage by using cyber to attack nations."
Steinitz's comments sparked concern that Israel's electricity grid had been taken offline, especially after local media were told by an Electricity Authority spokesperson that some computers on the network had been taken offline to prevent the malware from getting to them. The story then took on a life of its own with international media reporting that Israel's electricity grid had been crippled by hackers, and that parts of the grid had been forced to shut down.
Regulatory board employee fell for email phishing attack
However, Eyal Sela, a cybersecurity analyst in Israel, told the SANS Institute, which trains IT professionals on how to properly secure industrial control systems, that the entire incident has been blown out of proportion and is much smaller than previously thought. This version of events was backed up by a Ynet report on 27 January.
Apparently, the Israel Electricity Authority is merely a regulatory body consisting of roughly 30 employees, and the incident occurred after one individual fell for an email phishing attack by opening a suspicious email attachment.
Ransomware is a particularly nasty strain of malware that locks computers and threatens to delete all data unless the user pays a ransom in electronic funds or Bitcoin. It is believed that the ransomware began spreading through the network and infecting multiple computers, so the Israel Electricity Authority eventually took the decision to take some of the computers offline for two days in order to avoid them being infected.
"It's just unbelievable the authority's computer system was not properly protected," a government source told Ynet.
This incident shows how ransomware is increasingly becoming a force to be reckoned with, one that even governments struggle with, echoing an incident in 2013 where a US police department paid ransomware demands in order not to risk losing valuable evidence. It also shows how media reports can cause widespread panic and misinformation – and this is all that this was.
Clearly Israel's power network didn't go down, as the Jerusalem Post reported that "the incident occurred during two consecutive days of record-breaking winter electricity consumption, with the Israel Electric Corporation reporting a demand of 12,610 megawatts on Tuesday evening as temperatures dipped to below-freezing levels."