An innocuous message on their website about email being unavailable last week, a one-line alert canceling today’s Board meeting and a social media post led YubaNet to ask if Nevada Irrigation District (NID) had been hacked. The short answer: Yes, but no customer or staff data was compromised. Water delivery, power generation and dam operations were never affected.
Assistant General Manager Greg Jones provided details about last week’s intrusion attempt in a phone conversation.
Last week, an attempt to compromise NID’s servers made it through the first layers of their intrusion protection via their email server. As the malware started moving through the network, the firewall/antivirus/security systems kicked in.
Jones stated NID’s hydro division is isolated from the agency’s network and at no time were dam operations, power generation or water deliveries affected, “those systems were already isolated and were not compromised.”
The district’s IT department, with the help of outside consultants, has conducted a forensic analysis over the past 4-5 days and is rebuilding some legacy servers to further secure the electronic infrastructure. The district will transmit their findings to law enforcement.
“No customer or staff information was compromised,” Jones responded to our question regarding data integrity of customer and personnel files. “All payment information, routing information, our staff files are secure.”
Jones pointed out their intrusion detection managed to stop the malware before it encrypted the district’s data. Their IT department is bringing the various network components back online after extensive checks. Intrusion attempts are common and Jones estimates 2,500 attempts a day on their systems.
The district is the latest in a series of agencies and organizations to have their systems compromised. Sierra College, the city of Grass Valley and the Town of Truckee had their information systems compromised by ransomware. Ransomware is malicious software (aka malware) that gains access to a system. When successful, hackers then threaten to publish or block access to data or a system, usually by encrypting it, until the victim pays a ransom fee to the attacker.
The board meeting, slated for today, has been rescheduled to next Thursday, October 21. 2021 at 9:00 am. An updated agenda will be published this Friday.