The recent ransomware attack on the Colonial Pipeline has resulted in a critical wake-up call for heightened cybersecurity relating to the nation’s infrastructure. The pipeline delivers nearly half of the fuel to the eastern US, funneling the liquid life supply into a vast 5,000+ mile route from Texas to the major metropolitan centers in the Southeastern and Mid-Atlantic parts of our country. The attack has caused fear of gasoline shortages and reactive consumer stockpiling at the pumps. Expansive press and public response somewhat inflate the scope of this incident, but it is another prime example of the persistent ransomware threat that exists across all industries.
Details of the Colonial Pipeline Attack
The Colonial Pipeline Company was hit with a ransomware attack on Friday, May 7. Upon uncovering the threat, the company shut down all operations in an effort to limit the reach and scope of the incident. While it is relatively common for an organization affected by ransomware to pause or slow business activities, the role Colonial holds in supplying millions of barrels of gasoline a day to some of the most populated regions and largest airports in the country had an immediate trickle-down effect.
Preliminary investigations into the developing situation indicate that a Russian-based hacker group known as DarkSide may be responsible for the attack. DarkSide targeted the Colonial Pipeline with a malware attack that effectively locked down the company's systems by encrypting its data. Monetary gain is the goal, as is instilling instant panic to push the victim organization into paying the demanded ransom. This is true of nearly all ransomware attacks, and although exact details of the Colonial ransom amount have not been revealed, it can easily be guessed to be in the millions of dollars.
Also interesting in this attack is the role of the federal government. Typically, the Feds stay out of corporate ransomware attacks. They may provide resources or guidance through the FBI, but they have typically shied away from direct assistance or specific investigations. With Colonial, there seems to be a far greater level of involvement on a federal level. The importance of the energy supply to the nation’s wellbeing as well as US cybersecurity competence in the eyes of the rest of the world are two factors that may be influencing this federal engagement.
The immediate impact of the attack is already evident. Long lines and fuel shortages are occurring at gas stations throughout the Southeast and East Coast. AAA has predicted a rise in fuel prices of at least a few cents if the shutdown lasts longer than a week. States of emergency have been declared in several states, including North Carolina and Virginia. All this is happening even as Colonial anticipates having full operations up and running again within a week.
It’s also another direct wake-up call to businesses and government officials that private and public organizations alike are far from prepared for the ongoing threat of similar attacks. The quick involvement of the federal government shows promise that these security issues are being noticed. Still, the alarm also demonstrates the stark reality that no organization is effectively immune from ransomware attacks and other types of data breaches.
As the Colonial Pipeline resumes full operations, the short-term impacts mentioned above should subside relatively quickly. Long-term effects should be viewed through a wider lens than this single attack. Ransomware and other security breaches are a constant threat that will remain ever present moving forward. Other major attacks, such as the one on Scripps Health in San Diego, occurred the same week as Colonial but did not receive as much attention. One could easily argue that stolen health data can have a much more severe long-term impact than an increase in gas prices.
On a positive note, there is hope that the attention the Colonial situation has brought to cybersecurity and ransomware will increase efforts to limit the scope of these attacks in the future by having better safeguards in place. There is no way to stop ransomware attacks outright, and businesses of all levels are susceptible, yet some remain unaware of the threat. If industry leaders and government officials seize the moment to advance cybersecurity tactics and resources, perhaps this particular incident can become a memorable moment in the fight against cybercrime.
What Your Organization Needs to Know
No matter what size of business you own, operate, or work within, knowledge of cyberthreats and proper preparation are vital to limiting risk. The federal government and FBI still maintain a stance that you should not pay a ransom when hit with a ransomware attack. You might even face sanctions if payments are made to threat actors, as this funding can be used to support ongoing criminal activity. Despite warnings and sanctions, many organizations do indeed pay a ransom. Global damage from payments and restoration costs is estimated to reach $20 billion in 2021. Even if a ransom is paid, encrypted files are only returned 20-27% of the time, so there is always a risk the payment will be for naught.
Ransomware, and any other type of malware, results from a failure of management and IT. The organizations that are most likely to get hit are those that are not prepared. If you’re reading this and have any doubts regarding the readiness of your business to handle an attack, you’re most likely not prepared. You need to back up all of your files, information, and all other internal and forward-facing data immediately. And this needs to be done on a constant basis to help take the power of panic away from the criminals if a ransomware attack occurs.
Data breach defenses and restoration services will also help you remain prepared to handle an attack even before it happens. Preparation is often the best and only defense when it comes to ransomware. The threat itself cannot be eliminated, but your business can improve its ability to handle the situation and better resolve its outcome.
LibertyID is the leader in identity theft restoration, having restored the identities of tens of thousands of individuals without fail. If you retain personal information on your customers, now is the time to get data breach planning and a response program in place with our LibertyID for Small Business data breach preparation program. With LibertyID Enterprise you can now add value to existing products, services, or relationships by covering your customers, employees, or members with LibertyID’s fully managed identity theft restoration service – at a fraction of our retail price – with no enrollment and no file sharing. We have no direct communication with your group members – until they need us.
Call us now for a no-obligation proposal at 844-44-LIBERTY (844) 445-4237