New Strain of Malware Can Take Power Stations Offline

Crash Override disabled part of the electrical grid in Ukraine last year, and many more power stations could be susceptible, according to security experts.
New Strain of Malware Can Take Power Stations Offline
Image credit: via PC Mag

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
News reporter
2 min read
This story originally appeared on PCMag

A new strain of malware is responsible for a computer malfunction that triggered a power outage in Ukraine last year, according to firms, who believe that it could be used to disrupt power grids in the U.S. and elsewhere.

The malicious software, codenamed Crash Override, is the second malware program that can disable industrial systems like , according to a report from the software security firm Dragos. The first, called Stuxnet, was reportedly developed by the U.S. government and successfully used to disable parts of the Ukranian power grid in 2015.

 

It's unclear who is behind the Crash Override attack, which took place last December. Ukrainian officials have accused of orchestrating it, which Moscow has denied, Reuters reported. Dragos identified a hacker cell known as Electrum as the malware's authors, and it suspects that the group is related to the Sandstorm hackers responsible for the 2015 attack.

Crash Override works by hijacking a power plant's computers in order to create a software loop that forces its circuit breakers to stay open, thereby taking the plant offline, according to the Dragos report. The only way to stop it is for a repair crew to manually assume control of the breakers to close them. Crash Override's methods could likely work for any power station with computer-controlled breakers, and could even be expanded to affect other industrial plants.

"It's a nightmare," Dragos CEO Robert Lee told the Daily Beast. "The malware in its current state would be usable for every power plant in Europe. This is a framework designed to target other places."

The North American Electric Reliability Corp., the industry group responsible for power grid security in the U.S., said that is aware of the malware and working with its member companies to come up with a defense, according to the Daily Beast.

More from Entrepreneur

Get heaping discounts to books you love delivered straight to your inbox. We’ll feature a different book each week and share exclusive deals you won’t find anywhere else.
Amplify your business knowledge and reach your full entrepreneurial potential with Entrepreneur Insider’s exclusive benefits. For just $5 per month, get access to premium content, webinars, an ad-free experience, and more! Plus, enjoy a FREE 1-year Entrepreneur magazine subscription.
Discover a better way to hire freelancers. From business to marketing, sales, finance, design, technology, and more, we have the freelancers you need to tackle your most important work and projects, on-demand.

Latest on Entrepreneur