Ransomware Preparedness and Lessons From the Colonial Pipeline Hack
On May 7, the hacker group “Darkside” executed a ransomware attack on the Colonial Pipeline, causing it to cease operations. The pipeline supplies 45% of the gasoline, jet fuel, diesel, and heating oil used on the East Coast of the United States, so gas prices quickly began to rise across the region. The disruption caused the national average gas price to spike above $3 for the first time since 2014.
After reportedly paying Darkside 75 Bitcoin—worth roughly $5 million at the time—Colonial Pipeline resumed operation on May 15. However, gas stations across the Eastern United States still faced fuel shortages after panic buying drained supply.
So, what does this teach us about ransomware attacks, the potential disruption they can cause, and how they can be avoided?
Further Details
The Colonial Pipeline attack targeted the organization’s business IT systems rather than the operational technology that directly controls the physical pipeline. This is relevant because it sheds some light on Darkside’s aim, which was simply to extort money rather than cause destruction. In fact, Darkside has even expressed regret that the hack caused harm to everyday consumers and has said it will vet targets more carefully in the future.
That being said, $5 million is $5 million, and whether the goal is to cause physical destruction or not is beside the point for most business leaders. The fact is, ransomware attacks can be extremely expensive and present an ever-growing threat to businesses and their operations.
Strategies To Prevent Attacks
This type of advice may cause some to roll their eyes, but it’s true that the best way to recover from a bad situation—like a ransomware attack—is to prevent it from happening in the first place. Luckily, there are tangible steps organizations can take toward this goal.
Training
An organization’s employees can either be an ironclad first line of defense against cyber threats or its biggest vulnerability. The difference is in the training those employees receive related to evolving cyber threats.
Training on phishing strategies is particularly important. As a reminder, a phishing attack is one in which an email containing a malicious attachment or link is sent to a wide collection of targets. When even one person downloads the attachment or follows the link, malware may begin to download or hackers could gain access to internal systems.
Training and retraining programs can be put in place to ensure employees know what to look out for, which emails to trust, and which to report.
Patching Vulnerabilities
It is virtually impossible to design software that is 100% free of vulnerabilities, but when they are detected, they can be patched. Regular reviews of the systems and tools your organization uses, penetration testing, and other methods can detect and repair existing vulnerabilities.
An Evolving Problem
Cybersecurity is a never-ending cycle that involves new methods and technologies to defend against changing threats. As soon as one attack strategy is blocked, new ones emerge to take its place.
To keep up, businesses must engage with IT support partners that have extensive expertise in cybersecurity. By partnering with The Orange Crew, organizations can protect their systems, their employees, and their customers.
What strategies or tools do you currently have in place to meet cybersecurity goals? How successful have they been? Let’s get in touch and discuss how The Orange Crew can help.