American Water starts to reactivate systems after Oct 3rd cyberattack


American Water Works announced late Wednesday it has begun the slow and methodical process of bringing its IT systems back online after suffering a massive cyberattack last week.

In an update sent directly to Cybernews, the public utility company said it has also restored its MyWater customer billing portal, which had been taken offline, along with “certain systems” disconnected as part of its incident response protocols.

American Water said it is now in the process of “methodically and securely reconnecting and reactivating the systems” that had been shut off as a failsafe to contain further damage to its networks.

ADVERTISEMENT

The latest reactivation efforts took place only after “internal and external security teams” had determined the “systems were secure.”

With 6,500 employees, American Water is the largest regulated water and wastewater utility company in the US.

The service company provides safe, clean, reliable, and affordable drinking water and wastewater services to more than 14 million people, across 14 states and 18 military installations, the company’s website states.

The company reiterated its previous statement sent to Cybernews on October 7th that the New Jersey-based company “continues to have no indication that its water and wastewater facilities were impacted” by what it refers to as a “cyber incident.”

Water quality was not affected and the "water is safe to drink," the update further noted.

American Water website reactivation
amwater.com. Image by Cybernews.

The MyWater customer payment platform, which has been down since the start of the week, is said to be fully operational as of Wednesday, with “all standard billing processes” functioning normally.

Along with the revived portal, customers can expect standard billing to resume and any canceled service appointments to be rescheduled.

ADVERTISEMENT

The company also reminded customers that there would be no late charges for missed payments during the portal outage, which took place from Monday, October 7th through Thursday, October 10th.

“We sincerely regret any inconvenience this has caused and appreciate our customers’ patience over the past few days,” American Water said.

Ransomware attack possible?

There is still no word whether any data was stolen during the American Water cyberattack, or if any threat actors have come forward to claim responsibility.

If he had to speculate, Kevin Kirkwood, CISO at cybersecurity and compliance firm Exabeam, believes American Water could potentially be “the victim of a ransomware event” due to the company having to shut down its billing systems, pointing to issues with internal corporate backend systems.

“Given the large segment of water and wastewater treatment facilities that American Water covers, if control systems had been compromised, we’d likely be hearing about plants shutting down and advisories to boil water across states,” Kirkwood said.

Kirkwood also points out that although backup and recovery systems are critical to recovering from any ransomware event, “the real challenge is ensuring the recovery process doesn’t inadvertently restore any malware, access points, or egress mechanisms the attackers may have put in place.”

“If organizations do not have qualified backup systems, or can’t determine the degree to which their recovery mechanisms are impacted, we’ll hear about more companies paying ransoms,” he added.

American Water said the week-long investigation into the nature and scope of the attack continues with the help of law enforcement and security teams.

“Investigations of this nature take time, and the company will share any additional information as, and when, appropriate,” it said.

ADVERTISEMENT

American Water said it has taken additional steps in the meantime to “strengthen the cybersecurity of our systems. Our customers remain our highest priority.”

Customers can visit the American Water website for further information.