back to article Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades' worth of records and knocked out billing systems that won't be restored until next week at the earliest. The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining …

  1. Anonymous Coward
    Anonymous Coward

    Lost Data without backups.

    Convenient.

    1. dajames Silver badge

      Re: Lost Data without backups.

      There clearly are backups, as the article talks about data not being restored until next week.

      Of course, restoring the system can't even start until the source of the ransomware has been identified, all traces of it removed, and the point of entry closed. That could take longer than the restore itself.

      It may also be that the data are all backed up, but that getting everything back to a usable state requires restoring a few-days-old full backup and then replaying backed-up transactions from incremental backups until restoration of the 'current' system is achieved. If the incremental backups are also suspect after the attack then the transactions may have to be recovered from logs or re-entered by hand.

      1. John Brown (no body) Silver badge

        Re: Lost Data without backups.

        Depending on the ransomware and it's encryption methods, and the backup methods employed, some of the recent backups and transactions may also be encrypted.

        1. Version 1.0 Silver badge

          Re: Lost Data without backups.

          We've been seeing malware efforts like this for several years now so if you are backing up data then set up a server that does not show up on the network, is read-only and makes regular complete system backups - e.g. tapes. Restoring incremental backups takes a while when malware means that you have to restore everything ... as illustrated (but not described) by this story so a box of complete backup tapes works although restoring all the computers does take a long time.

  2. jetjet

    What kind of databases these guys use if ransomware was able to encrypt them - MS Access / Excel spreadsheets on a shared drive ot MS SQL files accessible by non-administrators or some self made file based "databases", or admins are just too sloppy to trigger the attack themselves.

    Maybe they are hiding something.

    1. Anonymous Coward
      Anonymous Coward

      I don't doubt anything. I briefly worked on a research project where "big data" meant that Excel was crashing on the oldest machines and some horrific PHP apps using a database incorrectly were taking too long.

  3. redpawn Silver badge

    Impending Audit

    Quick wipe the only hard drive!

    1. veti Silver badge

      Re: Impending Audit

      Great. So a company took the hit without paying a ransom, and now it's taking a bigger hit to avoid inconveniencing its customers, and what is its reward? Victim blaming and unbroken cynicism.

      I hope you get to live in the country you deserve.

  4. Yet Another Hierachial Anonynmous Coward

    "explaining that current customers won't be penalised"

    What about the voltage and wattage customers? Will they be penalised instead?

    (sorry, that was the best I could do on a Saturday morning)

    1. stiine Silver badge
      Pint

      You made my Saturday!

      1. Stoneshop Silver badge
        Coat

        You made my Saturday!

        Was it broken, or did it just need assembling?

        The one with its pockets bulging with tools.

    2. Warm Braw Silver badge

      Will they be penalised instead?

      With reluctance, they'll be dealt with by a higher power.

      I hope the impedance to is operations will transform the potential of the company to show resistance rather than be entirely reactive,

      Sorry, it's just a phase I'm going through...

      1. herman Silver badge
        Coat

        Ohmicron

        Resistance is futile.

        1. Anonymous Coward
          Anonymous Coward

          Re: Ohmicron

          Oh my chronic resistance (>0.001 ohm).

    3. Doctor Syntax Silver badge

      I hope they've the capacitance to sort it out without having to charge too much.

      1. Kevin McMurtrie Silver badge

        Watt a second, don't think joule end the this thread that kind of a joke.

    4. Aussie Doc Bronze badge
      Trollface

      Re:

      "Will they be penalised instead?"

      Probably not - Customers would have some resistance, I'd think.

  5. Stoneshop Silver badge

    the potential of the company

    Yes, but do they have the capacity as well as the energy to conduct this shift?

  6. John Brown (no body) Silver badge

    we lost the majority of our historical data for the last 20-25 years.

    Just how much data does *any* company need, going back that far? I bet the vast majority of the "lost" data really isn't needed and is never, ever used or accessed.

    Does it really how much Mrs Miggans paid for energy usage in January 1990? Maybe, when aggregated across her entire history, or that of other customers, but does it matter how she paid and precisely when she paid?

    1. W.S.Gosset Silver badge
      Angel

      Re: we lost the majority of our historical data for the last 20-25 years.

      Are you suggesting that their Data Lake is stagnant?

    2. Doctor Syntax Silver badge

      Re: we lost the majority of our historical data for the last 20-25 years.

      It probably means the forensic analysis revealed they haven't had a tape drive capable of reading the old data since the last but one hardware refresh.

      1. Version 1.0 Silver badge
        Happy

        Re: we lost the majority of our historical data for the last 20-25 years.

        Malware attacks have never accessed a box of tapes in the cupboard. Such safe backups!

        1. Paul Crawford Silver badge

          Re: we lost the majority of our historical data for the last 20-25 years.

          No but incompetence and bad luck have resulted in cupboards of useless plastic...

    3. This post has been deleted by its author

    4. veti Silver badge

      Re: we lost the majority of our historical data for the last 20-25 years.

      The difference between a customer who always pays on time and one who needs chasing - is substantial in that business.

      And then there are the records of properties built, wired, inspected and connected, meters installed... Obviously the vast bulk of records will be substantially newer, but a few outliers can go back a very long way. And *those* records could be very important.

    5. yetanotheraoc Silver badge

      Re: we lost the majority of our historical data for the last 20-25 years.

      "Just how much data does *any* company need, going back that far?"

      It's a cooperative. If it's like the electriticy cooperative I belonged to for a few years: the customers are actually shareholders, getting back a tiny annual return based on historical usage. A pittance in monetary terms, but it's actually the whole business in legal terms. The state government does good business seizing the returns for ex-customers/shareholders who fail to update their address when they move, so they will be highly interested in how the cooperative handles this.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022