Breaking# A malware causes German Nuclear Power Plant shutdown on Chernobyl’s 30th Anniversary

A computer virus was discovered at the Gundremmingen nuclear power plant in Bavaria, according to the German BR24 News Agency. The malware was discovered at the nuclear power plant’s Block B IT network that handles the fuel handling system. RWE, who is in charge of the plant shut down the power plant for precaution.

Based on the initial assessment conducted by the experts, the virus has not affected any important parts of the power plant and wouldn’t pose any major threat. The malware affected only the computer IT systems and not the ICS/SCADA equipment that interacts with the nuclear fuel.

The audit revealed that, unlike Stuxnet, the virus wasn’t created to target power plants but was a more commonly seen variant.

“After the discovery of malicious software on a computer in Gundremmingen emphasizes the operator, the control of sensitive areas was not affected. A computerized expert hand warns of belittling: viruses could jeopardize the data security of the NPP,” states a post published by BR24.

Gundremmingen officials said the IT system was not connected to the Internet and that the virus may have been carried into the network on a USB an employee used on his office or home computer, which would be the real source of the contamination.

The virus that was discovered in the system at the Gundremmingen nuclear plant was used to load and unload nuclear fuel from the power plant’s Block B and then transfer old fuel to the warehouse.

Tobias Schmidt, spokesman for the Gundremmingen nuclear plant, said, “Systems that control the nuclear process are analog thus isolated from cyber threats. These systems are designed with security features that protect them against manipulation.”

While the officials did not disclose the name of the malware strain but said it was nothing serious, classifying the whole incident as “N” (normal category).

The malware infection was discovered on Sunday April 24, 2016, but two days later, the power plant is still offline. Today, April 26, 2016, marks 30 years since the Chernobyl nuclear power plant disaster.

Currently, the nuclear plant is going through all the security procedures involved with such events, with its staff scanning all other computer systems and going through all the regular checks and motions before putting the plant back into production.

Cyber attacks against nuclear power plants and industrial control systems are likely at the top of a long list of possible disasters that can be caused by hackers.

In December 2014, the German Federal Office for Information Security (BSI) reported an attack targeting a steel mill in Germany, which resulted in physical damage to the furnace.

While the name of the steel mill wasn’t revealed, the incident clearly indicated that attacks targeting industrial controls could have important results.

The Gundremmingen nuclear power plant is regarded as one of Germany’s most outdated nuclear power plants. Gundremmingen is set to permanently shut down in 2021, but over 750 people protested over the weekend in the hope of convincing authorities to shut down the two reactors left working before the final deadline.

Putting the situation in perspective for Softpedia, Eugene Kaspersky, founder and CEO of Kaspersky Lab, one of the world’s leading security firms, said:

“An industrial control system used for loading nuclear fuel elements at Germany’s Gundremmingen nuclear power plant has been infected with malware. Yes, alarm bells are probably ringing in everyone’s head who’s just read that. Thing is, it’s not surprising. What is rather surprising is that we don’t hear such worrying news more frequently.”

“From what we know, it was not a targeted attack on the power plant’s system; it was just a ‘regular’ infection, contracted most likely by someone connecting a storage device to the system. That’s what we hear from German media.”

“What it shows is the main, basic issue of today’s connected systems: critical infrastructure is as vulnerable as all other systems connected to the Internet. We saw the example of the blast furnace being destroyed by a malware attack (disclosed by Germany’s Federal Office for Information Security); there was Stuxnet – malware allegedly designed to physically destroy nuclear enrichment facilities in Iran.”

“Operators and regulators have to understand that in an age when we see more than 310,000 new samples of malware a day, some of those samples might damage systems they were never intended to be aimed at. For such cases – of course in addition to intentional direct attacks – we have to be prepared.”

Just a week ago, Kaspersky became the first big antivirus company to offer a cyber-security solution for ICS/SCADA equipment.