5 Cybersecurity Lessons from the Colonial Pipeline Incident
On May 7, 2021, the Colonial Pipeline was shut down due to a ransomware attack. It was the largest cyberattack on oil infrastructure in U.S. history, prompting an emergency declaration by the Federal Motor Carrier Safety Administration for 17 states and Washington, D.C.
According to the FBI, the ransomware attack involved a cybercriminal group called DarkSide, which operates out of Russia. DarkSide uses a Ransomware-as-a-Service (RaaS) model, in which it shares revenue from attacks with “affiliates” who infiltrate the victim’s network and deploy the ransomware.
Colonial Pipeline reportedly paid $5 million in bitcoin to the ransomware operator within several hours of the attack. However, the decryption tool the hackers provided was so slow that Colonial Pipeline used its own backups to restore its systems and data. Pipeline operations resumed at 5 p.m. on May 12.
The Ransomware Scourge
Ransomware attacks are typically spread via phishing emails. A user is tricked into clicking on a malicious link or file, which downloads malware that encrypts the victim’s data. The malware is generally capable of spreading through the network and encrypting or blocking access to any files it can find. The attacker then offers to provide a decryption key in exchange for a monetary payment.
Increasingly, ransomware operators such as DarkSide combine their attacks with digital extortion. Sensitive data is stolen before the ransomware is deployed, and the victim is threatened with exposure to encourage payment of the ransom.
There has been a 72 percent increase in ransomware attacks since the COVID-19 pandemic, according to Skybox Security. Cybercriminals took advantage of fear and uncertainty, as well as lax security in work-from-home environments, to lure more victims.
According to a recent study by Chainalysis, cybercriminals collected $350 million in reported ransom payments in 2020, a 311 percent increase over 2019. Research by Palo Alto Networks finds that the average ransomware payment was $312,493 in 2020, up 171 percent from 2019.
The Colonial Pipeline incident offers five lessons for organizations in all industry sectors.
- Don’t pay the ransom. Paying the ransom won’t necessarily solve the problem. There’s no guarantee that the attackers will provide the decryption software, and even if they do, the software may not work. Worse, law enforcement officials say that ransom payments fund and encourage future attacks. There may also be federal penalties for making such payments.
- Back up systems and data. The best way to recover from a ransomware attack is to restore from a recent backup. Organizations must have a solid backup plan, test it frequently and ensure that data can be restored rapidly. Backups should be isolated or immutable so that they can’t be encrypted in a ransomware attack.
- Segment the network. Network segmentation can help reduce the risk that an attack will spread throughout the environment. Industrial organizations should also isolate the operational technology (OT) network from the IT network.
- Develop a comprehensive security plan. Ransomware is top-of-mind, but it’s far from the only threat. Organizations should have a plan in place to detect and block suspicious activity and respond rapidly should an attack occur. The cybersecurity strategy should include controls for protecting against phishing and credential theft — two common factors in cyberattacks.
How GDS Can Help
The cybersecurity experts at GDS can help you reduce the risk of ransomware and other cyberattacks. Industry-leading security tools are baked into everything we offer, and we provide around-the-clock monitoring and incident response from our Network Operations Centers. We also have specific expertise in energy, oil & gas, maritime and other industry sectors.
GDS can help you develop a comprehensive security plan that will address the most significant threats facing your organization. Give us a call to schedule a confidential consultation and assessment.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology-related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the Western Hemisphere in 48 hours.
- Support: When you need help, simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors, get one easy-to-read bill from GDS.