Delta-Montrose Electric Association (DMEA) suffered a malicious cyberattack that shut down 90% of its internal controls and wiped 25 years of historical data.
The energy company warned that customers would start receiving multiple energy bills close together but promised not to disconnect services for non-payment or impose penalties until January 31, 2022. The DMEA cyberattack did not leak sensitive employee and customer data.
DMEA says the cyberattack started on November 7 before spreading and affecting internal systems, support systems, payment processing tools, billing platforms, and other customer-facing tools.
CYBERATTACK ON A COLORADO ENERGY COMPANY A SUSPECTED RANSOMWARE INCIDENT
The Colorado-based energy company said the cyberattack targeted specific parts of the corporate network, corrupting documents, spreadsheets, and forms, thus suggesting it was a ransomware attack.
The cyberattack also affected the phone and email systems but spared the power grid and fiber network.
“Everyone’s ears perk up when ‘cyber attack’ meets ‘electric utility,’ but thankfully, the grid was not affected in this case,” noted Bill Lawrence, CISO at SecurityGate. “By the way, a large percentage of the smaller, distribution-level electric cooperatives are immune from cyber-attack since they don’t use automation for their operational technology.”
Lawrence, however, noted that the energy company failed to officially report the cyberattack as a ransomware incident despite the evidence. Ransomware attacks cause reputational damage to the victims, and many are hesitant to admit experiencing them.
“Still, this attack on their IT and billing networks stings, and while the term ‘ransomware’ is not in any of the reporting or DMEA’s explanation of events, they had a large portion of their data corrupted, and their internal phone system went down too. It will be interesting to learn the motive behind this attack if there are no ransom demands. Insider attacks motivated by revenge have had these hallmarks in the past.”
DMEA started an investigation to resume operations “as efficiently, economically, and safely as possible.” Sadly, the energy company is still struggling to recover from the cyberattack a month later.
However, it has implemented temporary payment arrangements and begun a phased restoration of internal network functions. Customers can pay by check, delivered in person or by mail. Those who fail to pay their bills on time will not face disconnections or penalties during the reconstruction period, which runs until the end of January 2022.
Saryu Nayyar, CEO at Gurucul, said it would take up to two weeks for customers to resume paying their bills online or by phone.
“Utilities tend to have complex networks that often commingle enterprise operations with mission control, but apparently, the grid wasn’t affected,” Nayyar noted. “It’s not enough for these organizations to try to keep attackers out of the network. They also need analytics to be able to determine if their network has been breached and how.”