WASHINGTON — WSSC Water, which serves almost 2 million residents in Prince George's and Montgomery counties, announced on Friday that it was a victim of a ransomware attack in late May that targeted "non-essential business systems."
The cyberattack occurred on May 24 but the company said drinking water and wastewater systems were not impacted or ever at risk.
In a statement, WSSC Water Police and Homeland Security Director David McDonough said the virus was successfully removed and the company did not pay any ransom to the hackers.
“These attacks have become more common, especially in recent weeks, and WSSC Water has prepared for this type of event,” he wrote.
The company added that files were restored from back-ups and there was no significant impact on business operations, however, some customers may be notified about potential breaches.
"While the virus was not successful, it appears the ransomware criminals did gain access to internal files," the statement read. "As the investigation continues, WSSC Water will notify in writing any individuals whose personal identifying information was exposed. Those individuals will be offered five years of credit monitoring with $1,000,000 in identity theft insurance at no cost to them."
The announcement of the WSSC Water cyberattack came after highly publicized breaches against Colonial Pipeline and JBS Holdings earlier this year.
Both companies were forced to pay millions of dollars to the hackers to get control of their systems back.
With cyberattacks in the spotlight, Senator Mark Warner (D-Virginia) recently called for the Department of Education to urge school systems to improve cyber defenses and for federal dollars to be available to districts.
In a letter signed with Senator Susan Collins (R-Maine), Warner requested that the department offer guidance to school districts across the country about using federal funding from two COVID-19 relief programs for cybersecurity resources.
“Experts agree that the increased reliance on online learning programs is likely to far outlast the pandemic. While online learning offers an abundance of positive opportunities for educators and students, without proper cybersecurity defenses, our nation’s education systems face formidable risks,” the Senators wrote. “School systems must have strong cybersecurity resources available to protect themselves against cyber and ransom attacks. With the increasingly persistent attacks on our schools, they simply cannot wait until they are a target to take action.”
The letter also highlighted the cybersecurity breach at Fairfax County Public Schools last year that led to private information being stolen and published online.
Warner and Collins recommended that the Department of Education set benchmarks for improving cybersecurity and issue guidance on how to best address cyberthreats facing school districts.
On Friday, American University cybersecurity expert Ayman Omar told WUSA 9 that many schools needed to boost protections due to the rising threats facing areas.
"Where’s the back door? Where are the weakest links and how can manage those weak links in place?" he said. "If you’re addressing those weak links effectively and you’re seeing where’s that higher potential of you getting attacked, that’s number one of trying to protect.”
In particular, Omar believed school districts could make a difference by making sure all employees are trained to spot risky emails and cyber threats.
"The first inclination is to spend more money on cybersecurity software. This is good but it’s only one tiny part of a more holistic solution," he said. "How do you do with phishing emails? How do you deal with attempts to breach your network?"
Moving forward, Omar believed it would be crucial for many companies and groups in the DMV to stay on top of cybersecurity as the attempts from hackers grow more sophisticated.
"We’ve got a lot of federal government agencies and universities in the area," he said. "It’s a national security threat to almost any industry that relies on information and technology, which is almost every industry and sector in place.”