Cybersecurity Lessons to Be Learned from the Colonial Pipeline Attack

Headlines have been filled with news pertaining to the recent hack of Colonial Pipeline, which has created significant gasoline shortages up the east coast of the nation. While the pipeline has been restored, the way this was accomplished sets a dangerous precedent. On top of this, the attack seems to have set off bigger infrastructural changes in the political space.

Let’s take a few minutes to dive into the situation at hand to see what insights can be gleaned from these events.

The Colonial Pipeline Situation

On May 7, Colonial Pipeline first became aware of a ransomware infection in its systems, prompting the fuel supplier to pull the plug on its pipeline operations along the southeast coast so that the malware wouldn’t spread. Leaning on a relatively new form of ransomware attack, those responsible for the attack—a group called Darkside—utilized a method known as double extortion, where the cybercriminal motivates their victim to pay up by not only locking their data down but also threatening to leak it out.

For its part, Darkside primarily operates as a kind of cybercriminal service provider, developing threats to provide them to other groups with their support.

In response to this threat, Colonial Pipeline quickly halted its operations… and as a result, a wide portion of the country experienced gas shortages due to the cutoff of supply. Many found themselves waiting for hours at the pumps, assuming that any gasoline was available at all. Although the company stated that there were no plans to pay the almost $5 million in cryptocurrency that the hackers were demanding, it has been reported that it did ultimately do so. Once the payment was received, the distributor was provided with a very slow decryption tool that they supplemented with their own backup solutions.

This situation has highlighted a few serious considerations that will need to be addressed by businesses of every size, while also revealing a few things about the current state of cybersecurity in clearly critical pieces of infrastructure.

Ransomware-as-a-Service is a Serious Threat

Darkside had risen to prominence in a relatively short time in the cybercriminal business world, creating a network of affiliate hackers to collaborate with for a share of the cut. With a net gain of at least $60 million in its seven months of existence ($46 million of which came in during Q1 2021 alone), this approach is apparently quite lucrative. While the affiliate hackers retain the majority of the ransom fees, Darkside handles a lot of the work on their behalf: writing the ransomware itself, billing the targeted victims, hosting the data that has been stolen, and even serving as the cybercriminal’s IT support and PR team.

This is serious, simply because it can significantly lower the barrier to entry that cybercriminals face when implementing ransomware, making it a feasible attack vector for more of them to put into place.

Double Extortion Makes Ransomware Even Worse

You may have caught that Colonial Pipeline did, in fact, have a data backup available to them… so, it may seem confusing that they still paid the ransom to have their data released. After all, the data backup should have enabled them to simply wipe and restore their entire infrastructure from scratch.

It’s the fact that this attack was using the double extortion method that makes the difference. Instead of simply threatening to delete the data if the ransom is not paid, a double extortion attack doubles down by threatening to leak the data if the ransom is not paid in time. Depending on the industry that is being targeted, some of this data could bring significant repercussions to the business that allowed it to leak. Government regulations and public opinion can both bring down serious consequences once data is leaked, so it makes sense that Colonial Pipeline would choose to bite the bullet and pay up instead. We still don’t recommend that ransomware demands be paid, but time will tell if this method of attack becomes more popular and forces us to reconsider.

Events Like These Will Inspire Cybersecurity Improvements

Partly in response to these events, U.S. President Joe Biden signed an executive order intended to boost the cybersecurity protections in place surrounding critical infrastructures for the government and private sector companies alike. This order includes the founding of a task force committed to prosecuting hackers that utilize ransomware, as well as the removal of any contractual barriers to reporting breaches within federal agencies and a deadline of three days to report severe cyberattacks. With such attacks happening with higher frequency than ever before, it will be far more critical for businesses to consider these improvements crucial to their continued survival.

Situations like these make it clear that cybersecurity isn’t going to get any easier for businesses to manage from here on out, so it will be important to have a trustworthy resource waiting in the wings to assist your operations. White Mountain IT Services can be that resource for you. Give us a call at 603-889-0800 to start a conversation about what we can do for you.
