Image: Nikola Johnny Mirkovic
Elexon, a crucial middleman in the UK power grid network, reported that it fell victim to a cyber-attack earlier today.
In a short message posted on its website, the company said the incident only impacted its internal IT network and employee laptops.
The company’s email server was also impacted and had been taken down, cutting employees off from crucial communications.
Systems that managed the UK’s electricity transit were unaffected, according to Elexon.
In a subsequent message posted later in the day, the company said it already identified the root cause of the incident, and was working to restore its internal network and employee laptops.
Suspected ransomware incident
The company didn’t specify the nature of the cyber-attack, but experts believe this is a ransomware incident due to the destructive nature that caused employees to lose access to laptops and the company’s email server.
According to threat intelligence company Bad Packets, Elexon had been running an outdated version of Pulse Secure, an enterprise-level SSL VPN server that lets employees access internal networks across the internet.
Bad Packets told ZDNet that Elexon had been running an outdated version since last summer, when a major vulnerability was disclosed impacting Pulse Secure VPNs, and Bad Packets started scanning the internet to keep track of patch rates.
US and UK cyber-security agencies have sent multiple alerts about this particular vulnerability (CVE-2019-11510), which has been commonly exploited to breach corporate networks and install ransomware.
Bad Packets said that during its last scan in March 2020, Elexon was still running an outdated Pulse Secure VPN installation.
Electricity supply not impacted across the UK
Elexon is a crucial player on the UK electricity market. The company manages electricity supply and demand and moves power around the network as it’s needed.
In a tweet today, the UK’s National Grid agency said the incident did not affect electricity supply across the UK.
We’re aware of a cyber attack on ELEXON’s internal IT systems. We’re investigating any potential impact on our own IT networks. Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats. https://t.co/7R2NeIB57l
— National Grid ESO (@ng_eso) May 14, 2020
British newspaper The Telegraph first reported on Elexon’s cyber-security incident earlier today.