Michigan Utility Cyber-Ransom Attack Response Totals $2.4 Million

November 21, 2016

Officials say the Lansing Board of Water & Light in Michigan paid a $25,000 ransom to unlock its internal communications systems after they were disabled in the spring by a cyberattack.

General manager Dick Peffley told the Lansing State Journal it cost about $2.4 million to respond to the emergency, including paying for the ransom and technology upgrades to prevent future attacks. He says all but $500,000 of those costs are covered by insurance. He also said paying the ransom was “distasteful and disgusting, but sadly necessary.”

Records acquired through the Freedom of Information Act by the Lansing State Journal from the utility showed it had a multi-layered “Cyber Edge” insurance policy with AIG and the Illinois National Insurance Co. at the time of the attack.

The April 25 cyberattack shut down the board’s email and accounting systems after an employee unknowingly opened an email with an infected attachment. The virus affected email, phones, computers, printers and other technology, and it took about a week for the utility to recover.

Officials said at the time of the attack that the utility service continued but a phone line to report outages was affected along with an online outage map. Peffley said redundancies and separation of its corporate computer network from the utility network allowed it to continue operations.

There is no evidence that shows customer and employee personal information was compromised by the ransomware virus, said utility officials.