© 2024 University of Missouri - KBIA
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Ameren Missouri Equipment Supplier Targeted In Ransomware Attack

The Labadie Energy Center was one of two Ameren Missouri power plants involved in the data breach.
File photo | Veronique LaCapra | St. Louis Public Radio
The Labadie Energy Center was one of two Ameren Missouri power plants involved in the data breach.

Ransomware attackers have stolen data from a third-party vendor that supplies utility equipment to Ameren Missouri power plants.

Dozens of data files from Ohio-based LTI Power Systems appeared on a ransomware server in late February, including equipment diagrams and schematics from two Ameren Missouri facilities. No customer information appears to have been involved in the data breach.

St. Louis Public Radio obtained copies of the data files, which span from 1996 to 2017, and involve the Ameren Sioux Power Plant in West Alton and the Labadie Power Plant.

The files include detailed schematics of uninterruptible power supply equipment, used to provide temporary backup power during outages. 

Joe Scherrer, director of the Cybersecurity Strategic Initiative at Washington University, said this type of intellectual property can be a valuable commodity in the cybercriminal marketplace.

“This particular incident is, in my view, all about the theft of intellectual property and making it available for sale to nation-states or other companies,” Scherrer said.

This type of data breach has become increasingly common across a wide range of sectors.

According to the cybersecurity company Emsisoft, ransomware attackers targeted 966 government agencies, schools and health care providers in 2019, at an estimated cost of $7.5 billion.

Many companies have strengthened their cybersecurity in recent years and trained employees to recognize phishing scams — one of the most common ways ransomware attacks gain access to internal systems. 

Still, ensuring the security of third-party vendors remains a challenge, said Scherrer, particularly as attacks become more sophisticated.

“The attack techniques evolve literally on a day-to-day basis,” he said. “They’re approaching this as a business, as a revenue generator, so they’re going to adapt their techniques and procedures to maximize their returns.”

A spokesperson for Ameren Missouri said the company was investigating the data breach but added that it has “no reason to believe that the information obtained is confidential or critical to our operations.”

“In some cases, standard schematics or drawings are shared with equipment suppliers to support the procurement of certain assets,” the spokesperson said in an email. “But these do not contain classified or confidential information.”

Follow Shahla on Twitter: @shahlafarzan

Send questions and comments about this story to feedback@stlpublicradio.org

Copyright 2021 St. Louis Public Radio. To see more, visit St. Louis Public Radio.

Shahla Farzan
Shahla Farzan is a reporter at St. Louis Public Radio. She comes most recently from KBBI Public Radio in Homer, Alaska, where she covered issues ranging from permafrost thaw to disputes over prayer in public meetings. A science nerd to the core, Shahla spent six years studying native bees, eventually earning her PhD in ecology from the University of California-Davis. She has also worked as an intern at Capital Public Radio in Sacramento and a podcaster for BirdNote. In her free time, she enjoys hiking, combing flea markets for tchotchkes, and curling up with a good book.