With global news reporters all over the world talking about the USA Colonial Pipeline ransomware attack, you must have questions about what happened. What happened on May 7th, 2021 to the oil pipeline? Who is responsible for it? Did they pay the ransom? In this blog, we answer all of your questions and review what the pipeline oil ransomware attack taught us.
On May 7th, 2021, the Colonial Pipeline in the USA was rocked by a major ransomware attack. It shut down operations. With a 5,500-mile-long pipeline that travels over 100 million gallons of gasoline from state to state, it instantly closed due to the impact of the attack. The company called in third-party cyber security authorities.
Reports are claiming that the DarkSide ransomware group is responsible for the attack. They’re known for stealing 90 million in Bitcoin just a few months after the group formed.
The Colonial Pipeline Company is taking action and are starting to create a system re-start plan to close this attack and regain their assets. In order to maintain operations, the company opened some smaller lateral lines through delivery points and terminals while the priority pipelines are shutdown.
The FBI and reports state that this case is of a bungled extortion plot, instead of the collaborated work of hackers intent on handling America’s energy grid. A source also reported to CNBC that The Colonial paid almost $5,000,000 as a ransom to regain access to its systems.
Cybercriminals are in it for the money. There was a point in time when you had to hold up a bank to steal money. However, now hackers are attacking businesses from the comfort of their own homes. What’s most notable is that hackers don’t care about what industry you’re in. One of the topmost hacked industries in the healthcare industry. That’s ruthless! Hackers are in it for the money. If they find a vulnerability in your network, they will attack, no matter what industry you’re in.
DarkSide, the cybercriminals that attacked the oil pipeline, are not trying to access the oil. Even if the oil is worth a lot of money, the hackers don’t have a way to transport it. It’s much easier to restrict a wealthy enterprise and demand a ransom. Enterprises are used to putting security cameras in their office building to catch the bad guys. Technology developments are now forcing enterprises to do the same but on their digital front. This goes out to show that every industry and enterprise needs to protect themselves. The criminals want the money, not your company assets.
Cyber criminals and hackers typically like to learn about their targets’ networks before the attack. There are many opportunities for the company to find and stop the ransomware attack from happening; before it gets to the level of data ex-filtration and encryption. That is why ransomware prevention solutions are increasing in popularity. If you have questions about what is right for your business, schedule a free consultation call here.
Katie Nickels, the director of intelligence at the cybersecurity firm Red Canary says that simple hygiene techniques can stop that first access. The hacker gang admitted that it had already attacked more companies since the attack of the Colonial Pipeline. One of the companies is in the United States, Brazil and Scotland.
“If we learned anything from recent events in 2020 and 21, it is disaster can strike quick and hard when least expected. A global pandemic is as bad as it can get, when it comes to directly impacting human lives. We saw a consistent gradual impact for months on end. We have also seen how cyberattacks and data breaches can now acutely impact enterprises and individuals in just the span of a few moments. The Colonial Pipeline Oil Ransomware Attack in May is a grim reminder of how fragile and vulnerable our infrastructure is when it comes time to protect from cyberattacks.
Cyberwarfare has become a real threat to the modern world and subsequently the modern enterprise. Utility companies, transportation and medical facilities among others, indirectly impact human lives greatly, which is why it is so important to get your cyber affairs in order. Educate your end-users of possible attack methods, protect the enterprise from all angles; internal and external and of course have a plan to recover when you do get breached. It truly is when and no longer if!”
Taking control when an attack like this occurs is the number one thing to do. Scott Sobel is a Senior Vice President for Crisis and Litigation Communications at KGlobal which is a PA and PR organization. He states that, “Cyberterrorists are criminals of opportunity, looking for weaknesses and preying on businesses that have more to lose than just losses stemming from the first attack.”
An important reminder for businesses when they are planning their IT budgets – don't neglect cybersecurity!
He further writes, “Colonial and the authorities bit the bullet and shut down the rest of Colonial’s pipeline systems not affected by the first attack. This preemptive action took control from the terrorists and mitigated the long-term effects, the intimidation and leverage the terrorists hoped for.”
Each and every enterprise needs to take control and get authorities involved. Hornung, the founder of Xact IT Solutions, a cybersecurity firm gave some advice for business leaders and said, “... incident response planning is critical and should be part of every organization's business plan. All companies should be striving for cyber resiliency.” This is why each enterprise needs resources and proper security protection.
When ransomware or natural disaster occurs, every enterprise needs a recovery plan. Without one, you are an easier target and much more prone to issues. These can be like mistakes, missteps and even human mistakes. All of these then lead to longer recovery times and a large financial loss. That’s why we recommend implementing prevention measures before becoming a victim. This is called a DRP which stands for Disaster Recovery Plan.
The five main elements that are in a DRP is:
Essentially you use this plan when an attack like this happens, and you use it to see what the steps and instructions are that need to be followed. It is a simple way to recover instead of when there is no plan because this leads to confusion and more stress.
In order to protect your enterprise from ransomware attacks, you need to be able to identify it first. You need to see what it looks like and its movements. Using tools that Assurance IT offers, for example, can instantly decrease your risk of getting attacked. It is all about the steps you take beforehand, and not after. Don’t become a statistic, protect your enterprise.
This was a large ransomware attack on the Colonial Pipeline Company. Although it could've been prevented, they did not have the best resources and prevention plan put in place. They decided to pay the ransom which lead them to close all operations! Don't let this happen to your enterprise.
Taking control, implementing a recovery plan and implementing the tools to detect ransomware are the major takeaways from this major Pipeline Oil Ransomware Attack
If you want to hear more on how you can protect your business from attacks like these, you can schedule a free consultation call here with one of our experts.
Act before, not after.
Access The Untold Stories of IT Professionals.
Assurance IT launched IT Spotlight - a weekly newsletter putting the spotlight on IT professionals. Get the inside scoop on their careers, their predictions in the industry and more. Once a week, every week, find out what other IT professionals are up to. Learn more here.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.