A firewall breach containing ransomware last Thursday has forced the New Mexico Public Regulation Commission to shut down its web servers, the agency said Wednesday.
“It is going to be some ransomware that has compromised a server,” said Jason Montoya, PRC chief of staff.
As a result, the PRC website is down and the agency’s electronic filing system is offline, forcing people to switch from digital to paper filings, PRC spokesman Deswood Tome said.
“You either have to mail it or hand walk it over here,” Tome said, referencing the third floor of the PERA building at 1120 Paseo de Peralta in Santa Fe.
The state Department of Information Technology, the lead agency in the hacking investigation, is working to get to the bottom of the security breach, Tome said. He said they’re hopeful the assessment will detail how and who launched the cyber attack.
Hackers were able to access the PRC website by breaching the firewall of old state servers, Tome said. But he added that exactly who conducted the cyber attack is still unknown.
FBI spokesman Frank Fischer said his agency is “looking into it.”
The Governor’s Office said the breach was contained.
“It was immediately quarantined and is under investigation – it didn’t spread to anything that the PRC works with,” said Nora Sackett, a spokeswoman for the Governor’s office.
Tome said no sensitive or confidential data was compromised.
As soon as the breach was detected Thursday evening, PRC servers were immediately shut down, he said.
The PRC is responsible for regulating utilities, telecommunication companies, insurance companies, common and contract carriers as well as transmission and pipeline companies. The PRC is also responsible for the state fire marshal and the Firefighters Training Academy.
The Firefighters Training Academy website is also inaccessible.
Despite the PRC servers shutting down, the New Mexico Gas Co. isn’t worried about the security breach, said Tim Korte, the utility company’s communications manager.
“We don’t believe information or data related to New Mexico Gas Co. operations or customers is at risk because our IT system is not tied to the PRC or the state of New Mexico IT system,” Korte said.
Attorney General Hector Balderas said he wants a “special unit” to aid New Mexico’s law enforcement in investigations like this.
“Antiquated approaches no longer work with evolving cybercriminals,” Balderas said.
