paint-brush
What Organizations Should Learn From the Colonial Pipeline Breachby@jtruong
162 reads

What Organizations Should Learn From the Colonial Pipeline Breach

by Jessica TruongJune 22nd, 2021
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Earlier this month, the Colonial Pipeline Company found itself to be a victim of a cybersecurity ransomware attack. The company took certain systems offline to contain the threat, which temporarily stopped all pipeline operations and also affected some of their IT systems. The Colonial Pipeline’s CEO, Joseph Blount, paid DarkSide $4.4 million in Bitcoin to regain control of their computer systems and restart fuel delivery to the East Coast. Ransomware attacks have been increasing due to the COVID-19 pandemic and according to the FBI, “malicious actors have exponentially increased their activity”

Company Mentioned

Mention Thumbnail
featured image - What Organizations Should Learn From the Colonial Pipeline Breach
Jessica Truong HackerNoon profile picture

Earlier this month, the Colonial Pipeline Company found itself to be a victim of a cybersecurity ransomware attack. In response to the attack, the company took certain systems offline to contain the threat, which temporarily stopped all pipeline operations and also affected some of their IT systems.

It was discovered that Darkside, an Eastern Europe hacking group, was responsible for this ransomware attack. The hack prompted “a shutdown of the 5,500-mile pipeline that carries 45% of the fuel used on the East Coast” (TechnologyReview). 

This unfortunately led to a gas shortage that primarily affected the East Coast.

Colonial Pipeline’s CEO, Joseph Blount, paid DarkSide $4.4 million in Bitcoin to regain control of their computer systems and restart fuel delivery to the East Coast.

This event is just one example of the importance of ransomware attacks and why they aren’t going away anytime soon. In fact, they are on the rise.  

What is Ransomware?

McAfee’s definition of ransomware is “malware that employs encryption to hold a victim’s information at ransom”. An individual or organization’s data is encrypted so that all files, databases, and applications are inaccessible unless a ransom is paid.

Once the ransom is paid then the individual or organization will be given back access to their data.  

Why is Ransomware so Effective?

These attacks instill fear and panic into their victims causing them to do whatever is needed in order to regain control of their information and systems. Hackers can also threaten that they will leak an organization’s confidential data if ransom is not paid.

It’s a win-lose situation, the hackers gain revenue from the victims and the victims lose money but regains control of their data and computer systems.

Ransomware Attacks Are on The Rise

Ransomware attacks have been increasing due to the COVID-19 pandemic and according to the FBI, “malicious actors have exponentially increased their activity, causing a 300% increase in cybercrimes over the same period last year” (Imcgrupo). SafeAtLast states that in 2021, ransomware attacks against businesses will occur every 11 seconds. 

The healthcare sector has also been seeing a rise in ransomware attacks, hackers are taking advantage of healthcare organizations during a vulnerable period of time.

Ransomware attacks cost healthcare organizations $21 billion in 2020.

According to hea!thcare innovation, through this past year, “92 individual ransomware attacks affected more than 600 separate clinics, hospitals, and organizations, and over 18 million patient records”. 

Ransomware will continue and therefore must continue to be a concern for organizations. As technology is constantly evolving, Cybersecurity efforts need to keep up with it.

It is crucial that there are proper security practices in place, in order to be one step ahead of attackers and prevent these attacks from occurring. 

Hackers are constantly using new techniques to perform these ransomware attacks, the attacks are becoming more sophisticated, aggressive, and frequent. 

What has the Colonial Pipeline Attack Taught Us? 

There are a few  takeaways from this attack that should be noted of:

  • First and what I believe to be the most important, is that hackers today spend an immense amount of time learning, researching vulnerabilities, and exploiting them in order to develop complex attacks to avoid detection
  • Rapid response and recovery is crucial - it is extremely important to make sure that once a ransomware attack is found that it is detected and necessary actions have been taken to reduce the spread of ransomware 
  • Properly managed security is vital to industrial protection - the ability to ensure protection across all systems is critical for strong protection

How to Protect Your Organization Against Ransomware

More organizations have purchased cyber insurance to further protect themselves against cyber attacks. 

The following list includes some of the best practices that an organization and its employees should follow to protect themselves against ransomware:

  • Update software and operating systems with the latest patches
  • Perform a backup of data on regular basis
  • Be cautious of suspicious emails and to not click on any links and/or attachments within them
  • Strong password implementation 
  • Restrict administrative access

Ransomware attacks are not disappearing anytime in the near future. Instead, they are on the rise thanks to the world pandemic. 

Hackers are always adapting to new technologies and incorporating new techniques.

Another ransom attack has occurred again following the Pipeline Breach and this time JBS Foods, the world’s largest meat supplier as the target. 

JBS Foods paid $11 million in Bitcoin to the hackers.

Hackers will not stop this specific attack and will continue to target high-profile targets because they know they can be successful. The ransomware attack on the Colonial Pipeline Breach displayed how much more organized the attackers have become.

Because of this, organizations must increase their security to protect themselves from such threats. These hackers are after the bigger organizations and aren’t worried about getting caught.