Lessons from the Colonial Pipeline Ransomware Hack

Every year cybersecurity incidents make national headlines and cause every business owner to reconsider their personal security measures and processes. 

The recent Colonial Pipeline ransomware hack – which halted fuel distribution on the East Coast for a week – is a prime example of such an incident.

Will Your Weak Security Leave Your Clients Waiting in Line? 

Colonial Pipeline Company is the operator of the largest pipeline system for refined oil products in the United States. All systems, and fuel distribution, resumed normal operation after the company paid a 75-bitcoin ransom to an Eastern Europe-based cybercriminal hacking group. The company paid the ransom to DarkSide, and it was worth $5 million at the time of the incident.

Fuel shortages continue to be a problem in many key markets served by the pipeline system. As many as 80 percent of gas stations in Washington, D.C. were without fuel as of Saturday morning.

Instead of being able to fill their car with gas, cybersecurity experts across the nation worry about the message the Colonial Pipeline hack is sending to other hacking groups.

Ransomware: A Proactive Preparation Guide

Use the eight steps outlined in this eBook to proactively safeguard your business from ransomware.

Ransomware Attacks Are Common

If you don’t pay attention to cybersecurity-related news, then ransomware attacks may seem rare to you. Perhaps that they only affect large enterprises and organizations. The reality is very different.

In 2020, there were a total of 304 million ransomware attacks worldwide. That amounted to a 62 percent increase from the year prior. From time to time, cybercriminals pull off a headline-worthy attack, but most ransomware attacks never receive any publicity.

The threat actor behind the Colonial Pipeline ransomware hack, the DarkSide hacking group, typically focuses on lower-end ransoms. They demand these victims pay anywhere between $80,000 to $100,000 to regain access to their data. They perform about 10 smaller hacks a month earning them $12 million a year.

Hackers are motivated by money. Targeting smaller businesses and avoiding the attention of news reporters and three-letter agencies, suits them well.

Paying the Ransom Is Not the Right Solution

According to IBM Security’s X-Force survey of executives at 600 businesses of all sizes, 70 percent of businesses infected with ransomware have paid the ransom to get their data back. The decision to pay the ransom comes down to simple math, as was the case with the Colonial Pipeline ransomware hack. 

The DarkSide hacking group took down Colonial Pipeline’s billing system, leaving it unable to track fuel distribution and bill customers. The hackers also stole approximately 140 GB of accounting, research, and development data from the company’s servers. They then preloaded them online to be published.

From the financial point of view, paying the ransom was an easy decision. Unfortunately, decisions like this send the wrong message. They embolden other groups going forward.

“I can’t say I’m surprised, but it’s certainly disappointing,” says Brett Callow, a threat analyst at antivirus company Emsisoft, about Colonial Pipeline’s decision to pay the ransom.

“Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.”

For the same reason, the FBI and other law enforcement groups discourage ransomware victims from paying the ransom. They recommend focusing on improving their defenses and recovery capabilities instead.

Prevent Weak Security from Leaving Your Clients Waiting in Line 

As dangerous as they are, you can avoid ransomware attacks by following basic ransomware prevention best practices:

Require MFA 

Multi-factor authentication is an authentication method that requires the user to provide two or more verification factors to gain access to a resource (e.g., application, online account, VPN). You should use MFA wherever possible.

In many cases, it is included with your subscription (e.g., M365, Google, etc.). Be sure to enable it if it is not already.

Cybersecurity Awareness Training with Simulated Phishing Attacks 

Hacking groups rely on social engineering techniques to obtain credentials that allow them to evade established cybersecurity defenses with minimal effort. Employees should learn how to recognize them by completing cybersecurity awareness training.

How to Create a Cybersecurity Awareness Training Program Ebook

Learn how to implement an engaging and successful cybersecurity awareness training program.

Backup and Recovery

Ransomware attacks are effective because organizations can’t afford to lose their data. You can save yourself the loss by creating backups of important data and storing it offline in an encrypted format. That way if suffer an attack, you can wipe affected devices clean and recover everything you need do your work.

Cybersecurity Response Plan

You should have a documented, written plan to guide your response to a ransomware attack. The plan should:

  • Describe everyone’s roles and responsibilities 
  • Detail mandatory notification procedures 
  • Include other essential information 

Activity Monitoring

Ransomware leaves behind an easily recognizable signature on the network. There are many monitoring tools and solutions that can spot it early – giving you time to act.

Regular Patching

Unpatched vulnerabilities are like secret unlocked doors that invite attackers to come in and wreak havoc. To close these doors, you need to update all hardware and software on your network as soon as possible.

Get Protection from Advanced Cyber Threats Today

We are passionate about helping leaders like you leverage technology to grow and secure your business.

Teal offers responsive and secure managed IT services to SMBs nationally, with local MSP services provided in:

  • Minneapolis 
  • Washington DC 

Established in 2000, we enrich lives by delivering ultra-responsive services, prioritizing integrated cybersecurity, and investing in our staff.

Latest Teal News

Subscribe to Our Newsletter

Join Teal Exclusive now to be notified of the latest news, tech tips, and more.

Recent Articles
Categories
Don’t Stop Here

More To Explore

Remote Work

Solving Common Remote Work Security Challenges

Organizations face increasing threats from phishing scams, the use of insecure passwords, and the complexity of managing personal devices. Tackling these issues head-on is essential