Regional

NID servers compromised – systems are safe

by YubaNet October 13, 2021October 13, 2021

An innocuous message on their website about email being unavailable last week, a one-line alert canceling today’s Board meeting and a social media post led YubaNet to ask if Nevada Irrigation District (NID) had been hacked. The short answer: Yes, but no customer or staff data was compromised. Water delivery, power generation and dam operations were never affected.

Assistant General Manager Greg Jones provided details about last week’s intrusion attempt in a phone conversation.

Last week, an attempt to compromise NID’s servers made it through the first layers of their intrusion protection via their email server. As the malware started moving through the network, the firewall/antivirus/security systems kicked in.

Jones stated NID’s hydro division is isolated from the agency’s network and at no time were dam operations, power generation or water deliveries affected, “those systems were already isolated and were not compromised.”

The district’s IT department, with the help of outside consultants, has conducted a forensic analysis over the past 4-5 days and is rebuilding some legacy servers to further secure the electronic infrastructure. The district will transmit their findings to law enforcement.

“No customer or staff information was compromised,” Jones responded to our question regarding data integrity of customer and personnel files. “All payment information, routing information, our staff files are secure.”

Jones pointed out their intrusion detection managed to stop the malware before it encrypted the district’s data. Their IT department is bringing the various network components back online after extensive checks. Intrusion attempts are common and Jones estimates 2,500 attempts a day on their systems.

The district is the latest in a series of agencies and organizations to have their systems compromised. Sierra College, the city of Grass Valley and the Town of Truckee had their information systems compromised by ransomware. Ransomware is malicious software (aka malware) that gains access to a system. When successful, hackers then threaten to publish or block access to data or a system, usually by encrypting it, until the victim pays a ransom fee to the attacker.

The board meeting, slated for today, has been rescheduled to next Thursday, October 21. 2021 at 9:00 am. An updated agenda will be published this Friday.

I don't have an account I already have an account

We've recently sent you an authentication link. Please, check your inbox!

Get a code sent to your email to sign in, or sign in using a password.

Enter the code you received via email to sign in, or sign in using a password.

Subscribe to our newsletters:

News Regional news
Events Weekly events calendar
Fire News Emergency updates

Lost your password?

Try a different email

Send another code

By signing up, you agree to our Terms of Service.

Sign Up

Sign In