Cyber Incident Victim: WSSC Water

Date: May 2021

Location: United States of America

Summary

A ransomware attack targeted non-essential business systems of a major water utility, compromising internal files but not impacting water quality or service delivery to customers. The organization swiftly contained the threat by removing malware, leveraging air-gapped networks, and restoring encrypted data from backups. While operational continuity remained unaffected, the incident exposed potential risks of data misuse, prompting the utility to notify law enforcement and offer affected individuals multi-year credit monitoring with identity theft insurance. The utility emphasized preparedness for such increasingly common cyberattacks, confirming no jeopardy to drinking water safety throughout the event.

Description

On May 24, 2021, WSSC Water, a utility serving 1.8 million customers in Montgomery and Prince George’s counties, Maryland, experienced a ransomware attack targeting a segment of its network dedicated to non-essential business systems. The company detected and removed the malware within hours, preventing operational disruption to its water filtration and wastewater treatment infrastructure. Attackers gained access to internal files during the breach, though WSSC Water’s air-gapped network architecture isolated critical control systems from compromise. The utility confirmed no impact on drinking water quality or service reliability, with filtration plants continuing normal operations throughout the incident. WSSC Water promptly notified federal and state authorities, including the FBI, Maryland Attorney General, and local homeland security agencies, initiating a coordinated response.

WSSC Water restored affected systems using backups, leveraging prior incident response preparations that included segmented networks and data recovery protocols. The investigation confirmed attackers exfiltrated internal files, prompting customer advisories to monitor financial accounts for potential identity theft or fraud. As a remediation measure, the utility offered five years of complimentary credit monitoring and $1,000,000 identity theft insurance to affected individuals. David McDonough, WSSC Water’s Director of Police and Homeland Security, emphasized the attack’s containment to non-operational systems and attributed the rapid recovery to organizational readiness for such incidents. The event highlighted recurring ransomware threats to critical infrastructure but demonstrated effective mitigation through preemptive security measures and backup restoration.
