Hi guys, I’m sure you’ve already heard about the Colonial Pipeline cyberattack this week, the largest critical infrastructure attack in US history. The following will save you hours of news gathering – it’s a short list of what you need to know about the incident and what we can all learn from it and apply to your company:
- Colonial Pipeline Co. is a private company whose pipeline supplies up to 50% of America’s east coast with gasoline, diesel and jet fuel.
- Last Friday, May 7th, their operations were shut down by Russian for-profit hacker group DarkSide, who used ransomware to encrypt all of their computer systems to render them unusable, including those that control the flow of fuel through their network of fuel lines.
- This made headline news as it is the largest cyberattack to date on US critical infrastructure.
- In the wake of the SolarWinds attack and now this, President Biden signed an executive order Wednesday, May 12th, aimed at bolstering the federal government’s cyber defenses.
- With the threat of fuel shortages, several agencies announced regional emergency declarations, including the Federal Motor Carrier Safety Administration and US Department of Transportation.
- Adding to the panic, the Twitterverse began featuring images of people stockpiling gasoline in anything they could get their hands on – sloshing-full trash bags, stacked piles of red gas canisters in the trunk of a car, you name it. Just look up hashtag #gasshortage.
- The DarkSide ransomware gang was demanding $5M in Bitcoin to release Colonial Pipeline’s network. The FBI’s stance is to never pay ransoms as it encourages additional criminal activities. However, a new report says Colonial did meet the $5M ransom demand.
- As of today, May 13th, over 10,000 gas stations across the affected region are dry and out of service.
- Now that the ransom has been paid, Colonial Pipeline has begun a system restart that will take several days to restore normal operations.
- Since the fuel travels through the pipeline at just 5 mph, it will take weeks for the fuel distribution network to return to normal.
The fuel-buying public may experience some relief at the news about the pipeline restart, but the nation’s law enforcement agencies warn us that this is no time to relax. In a joint advisory, CISA and the FBI said that DarkSide and its affiliates have recently been targeting organizations in industries including manufacturing, legal, insurance, healthcare, and energy.
The agencies say prevention is the best cure for this ransomware plague and urge potential targets to use best practices from these resources to strengthen their cybersecurity posture:
- CISA and Multi-State Information Sharing and Analysis Center: Joint Ransomware Guide
- CISA webpage: Ransomware Guidance and Resources
- CISA Insights: Ransomware Outbreak
- CISA Pipeline Cybersecurity Initiative
- CISA Pipeline Cybersecurity Resources Library
It’s safe to say that ransomware is truly a cyber pandemic and out of control. The FBI stats say it all – attacks were up 20% last year, and even more telling, ransom demands rose 225%. Attackers are going after higher-value targets with deeper pockets, which means critical infrastructure is in the crosshairs.
Those who invest early in cybersecurity are able to respond faster and with less financial damage to ransomware and other cyber-attacks. Those who wait until an incident occurs to invest in their defenses end up paying the price, dearly.
Stay safe out there