Executives at UK power trader Elexon have seen copies of their passports posted online by hackers looking to extort money from them.
Elexon runs the UK’s Balancing and Settlement Code, a method of matching electricity production with predicted volumes.
On 14 May, the company announced its internal computer systems were affected by a cyberattack. It did not give any further details but did say most operations were unaffected. Meanwhile, company staff were unable to send emails until the “root cause” was identified later in the day.
Update on our internal IT issues: We have identified the root cause of a cyber attack and are working to resolve the issue. BSC Systems (and their data) and EMR are currently unaffected and working as normal. Please see this notice for more information: https://t.co/OGf0lyurlH
— ELEXON UK (@ELEXONUK) May 14, 2020
The company’s internal data was stolen by cyber infiltrators using the REvil malware, also known as Sodinokibi. However, Elexon has not given details of how this program gained access to its systems. Elexon has said no customer data was compromised by the hackers, and the public is not at risk.
In a statement, the company reassured customers that the balancing and settlement systems known as BSC Central Systems were unaffected.
It said: “There are no communications link or data traffic between the BSC Central Systems and the internal Elexon network which was impacted by this incident. The security of the BSC Central Systems is integral to the design and operation and at this time security has been further enhanced.”
Elexon is hackers’ second energy target this year
Elexon’s data is now being held to ransom, with the infiltrators posting copies of documents on the dark web. Computer Business Review reported this includes the passport of Elexon director of customer operations Victoria Moxham.
Internal communications were also posted, including messages concerning the data breach itself. This means the intruders continued copying documents after the breach was initially discovered.
In March, the company was reported to be running an unpatched Pulse Secure VPN server, a known target for cyber-criminals. In the same month, European high-voltage power networks were infiltrated, as confirmed by transmission network operator ENTSO-E.
Elexon handles around £1.7bn of power producers’ transactions every year. The company has not yet replied to requests for comment.