NEWS

Lansing BWL still recovering after cyberattack

All customer-related functions of public utility's corporate network were restored as of 7 a.m. Monday. E-mail system for employees expected to be back by mid-week. Customer service line works.

Eric Lacy
Lansing State Journal

LANSING - The Board of Water & Light is continuing its recovery process after a cyberattack last week forced the city-owned utility to shutdown several customer services and its corporate network from employees.

Lansing Board of Water & Light General Manager Dick Peffley said Monday the utility is recovering well from last week's cyberattack.

"Things are getting back to more of a normal mode of operations for us," BWL General Manager Dick Peffley said this morning.

The utility shut down its accounting and e-mail systems last week after an employee unknowingly opened an email with a malware-infected attachment at about 5 a.m. April 25. This attack also forced BWL to shut down phone lines, including a customer service assistance line often used for account inquiries.

The customer service line was operable 7 a.m. today and the accounting system authorized payroll last week for employees as it normally would, Peffley said. Employees considered "critical users" couldn't use their BWL-assigned e-mail address this morning, but have access to a temporary e-mail system. The regular e-mail system is expected to be back online by mid-week, Peffley said. Customer and employees' personal information wasn't compromised by the intrusion.

Virg Bernero: Cyberattack galvanizes BWL, Lansing

Peffley wouldn't confirm or deny whether the cyberattack on BWL's corporate network involved a "Ransomware" virus that required the utility to pay a ransom to get its access back. Local, state and federal law enforcement officials began conducting an investigation last week to locate the source of the attack.

Peffley, a BWL employee for about 40 years, said he's hopeful the utility will be able to publicly disclose whether or not a ransom was paid once the investigation is over. "I'm new at this," said Peffley, referring to his knowledge of cyberattacks during emergencies. "I don't want to get good at it."

An email obtained by the LSJ, sent the morning of April 26 by the City of Lansing to employees warned them of Ransomware and mentioned that "a California hospital was in the news recently because of this attack and ended up paying $17,000 to get its files back."

Peffley said the BWL's information technology officials are still testing each computer the utility owns to make sure the virus no longer exists. "There's to my knowledge not a single machine that hasn't been put back to service."

BWL in limbo from cyberattack

As of this morning, the bulk of the utility's expenses incurred after the attack pertained to lost productivity. Peffley said he's not sure if BWL's insurance could recover money lost during the cyberattack or money used to invest in more anti-virus software.

Peffley said last week BWL had up-to-date antivirus software from one of the 50 companies specializing in it. But officials realized that only three of those companies can handle the new virus. The utility has since received necessary protection from one of those three companies, he said.

Peffley said today that he doesn't know what the status of the investigation is, but is hopeful the source of the attack is located. "We haven't heard from them," Peffley said of law enforcement officials. "I think they are off doing what they do, and we'll probably hear updates down the road. We're not sure who led this investigation."

Lansing Police Chief Mike Yankowski wrote in an email Thursday the attack is being investigated by the Michigan State Police and Federal Bureau of Investigation. He declined further comment, saying Lansing is not the lead agency. Jill Washburn, an FBI spokesperson in Detroit, has declined to explain the agency’s role. Messages left with State Police investigators weren’t returned.

Chad Gamble, Lansing’s chief operating officer and public service director, wrote in an email Wednesday to the Lansing State Journal that information technology systems in other city departments have been “very successful” in protecting the city from large-scale cyberattacks and aren’t affected by the breach.

Contact Eric Lacy at (517) 377-1206 or elacy@lsj.com. Follow him on Twitter @EricLacy