A company operating a key element of the United Kingdom’s electricity grid infrastructure has been hit by a cyberattack, with its employees locked out of their emails and from the company’s network.
Elexon is one of the UK electricity system’s administrators, monitoring the amount of electricity generated by the energy companies and matching this with what the National Grid expects to receive.
The company handles about 1.7 billion pounds of transactions each year through its systems, which cover about 6 million homes in the UK.
On Thursday UK time, Elexon confirmed that it had been hit by a cyberattack, with its employees left unable to send or receive emails.
“The attack is to our internal IT systems and Elexon’s laptops online,” the company said in a statement on its website.
“We are currently working hard to resolve this. However please be aware that at the moment we are unable to send or receive any emails.”
In a further update later in the day, the company said it had “identified the root cause” and was “taking steps to restore” the internal IT systems.
Despite the cyberattack, the UK's electricity grid remains running as usual, with the key systems used to oversee the market not impacted by the hack.
Energy supplies in the country have not been impacted, with “robust cybersecurity measures in place”, a spokesperson for the National Grid said.
“We’re aware of a cyber intrusion on Elexon’s internal IT systems,” the spokesperson said. “We’re investigating the matter and any potential impact on our own IT networks.”
The latest cyber incident comes after the UK’s National Cyber Security Centre warned staff at healthcare and medical research organisations that hostile cyber actors were using the global COVID-19 pandemic for malicious ends, with the workers urged to strengthen their passwords and implement two-factor authentication.
“It is completely unacceptable that malicious cyber actors are targeting those working to overcome the coronavirus pandemic around the world, from experts working on the global health response to hospitals and healthcare systems,” UK Secretary of State for Foreign Affairs Dominic Raab said.
“The effects of these cyber attacks are potentially life-threatening as they disrupt and put pressure on organisations and individuals working hard to save lives.
“The UK will continue to counter those who conduct reckless cyber attacks for their own malicious ends. “
We are working closely with our allies to hold the perpetrators to account and deter further malicious cyber activity around the world.”
Earlier this month, two construction companies involved with building COVID-19 emergency hospitals in the UK were hit by separate cyber attacks.
Interserve, which helped to build the NHS Nightingale Hospital in Birmingham, had some of its operational services affected due to a cyber attack.
The organisation was working with the National Cyber Security Centre to “contain and remedy the situation”, with the Information Commissioner’s Office notified and employees, clients and suppliers warned to “exercise heightened vigilance during this time’.
Bam Construct, which worked on hospitals in Yorkshire, said it had been the victim of a “significant” cyber attack, with its website shut down along with other systems as a precaution.
Malicious actors have also been taking advantage of the COVID-19 pandemic in Australia, with two Australians per day in April falling victim to a coronavirus-themed scam, with government agencies reporting a “significant increase” in the cyberattacks.