North Dakota water treatment plant reports March ransomware attack

A water treatment plant serving the city of Minot, North Dakota, was hit with ransomware two weeks ago.

City officials confirmed the incident to Recorded Future News but said the water treatment plant and all facilities related to the city’s water system remained operational and safe at all times. 

“There was no direct ask for money and there was no direct interaction beyond a letter on a screen. All necessary local, state and federal reports have been made,” Jennifer Kleen, the city’s public information officer, said.

When asked if the group had identified itself, Kleen said the letter on the screen “is now in FBI custody and becomes a part of any investigation they may pursue, so further details about the letter would need to come from them.”

The FBI did not respond to requests for comment about the letter. A notice from the government of Minot, which has a population of about 50,000 and is the state’s third-largest city, said the ransomware attack was discovered on March 14. 

City officials unplugged the affected server and conducted manual procedures for about 16 hours, which involved frequent, on-location checks of water gauges. 

“During this event, we had two goals: To be sure our water remained safe, and to ensure proper pressure was maintained in all water storage facilities. Both goals were accomplished thanks to a timely response from all departments involved,” the letter said.

Water utilities have faced a barrage of cyberattacks from cybercriminals and nation-state groups over the last two years due in part to a lack of funding for security measures. While some states have sought to provide funding alongside more stringent cybersecurity regulations, water industry lobbyist groups previously fought federal efforts to institute basic cybersecurity rules.

The issue has grown in prominence in light of recent nation-state campaigns from Iran and China targeting the water sector over the last two years. 

Federal officials and cybersecurity experts have quietly expressed concern about a potential increase in water utility cyberattacks from Iran given that hacking groups connected to the Islamic Revolutionary Guard Corps  were responsible for a campaign targeting U.S. water utilities in 2023 and 2024. 

While the incidents were largely defacements of utility technology, federal officials warned at the time that the attackers may use their access to the devices as a way to gain deeper network level access that would allow them to cause physical damage to equipment or worse.