Lessons from the Colonial Pipeline Ransomware Hack

Colonial pipeline ransomware hack

Updated: December 7, 2022

Will your weak security leave your clients waiting in line? 

Every year cybersecurity incidents make national headlines and cause every business owner to reconsider their personal security measures and processes.  

The recent Colonial Pipeline ransomware hack – which halted fuel distribution on the East Coast for a week – is a prime example of such an incident. 

Colonial Pipeline Company is the operator of the largest pipeline system for refined oil products in the United States. All systems, and fuel distribution, resumed normal operation after the company paid a 75-bitcoin ransom to an Eastern Europe-based cybercriminal hacking group. The company paid the ransom to DarkSide, and it was worth $5 million at the time of the incident. 

Fuel shortages continue to be a problem in many key markets served by the pipeline system. As many as 80 percent of gas stations in Washington, D.C. were without fuel as of Saturday morning.  

Instead of being able to fill their car with gas, cybersecurity experts across the nation worry about the message the Colonial Pipeline hack is sending to other hacking groups. 

Ransomware Attacks Are Common 

If you don’t pay attention to cybersecurity-related news, then ransomware attacks may seem rare to you. Perhaps that they only affect large enterprises and organizations. The reality is very different. 

In 2020, there were a total of 304 million ransomware attacks worldwide. That amounted to a 62 percent increase from the year prior. From time to time, cybercriminals pull off a headline-worthy attack, but most ransomware attacks never receive any publicity. 

The threat actor behind the Colonial Pipeline ransomware hack, the DarkSide hacking group, typically focuses on lower-end ransoms. They demand these victims pay anywhere between $80,000 to $100,000 to regain access to their data. They perform about 10 smaller hacks a month earning them $12 million a year. 

Hackers are motivated by money. Targeting smaller businesses and avoiding the attention of news reporters and three-letter agencies, suits them well. 

Paying the Ransom Is Not the Right Solution 

According to IBM Security’s X-Force survey of executives at 600 businesses of all sizes, 70 percent of businesses infected with ransomware have paid the ransom to get their data back. The decision to pay the ransom comes down to simple math, as was the case with the Colonial Pipeline ransomware hack. 

The DarkSide hacking group took down Colonial Pipeline’s billing system, leaving it unable to track fuel distribution and bill customers. The hackers also stole approximately 140 GB of accounting, research, and development data from the company’s servers. They then preloaded them online to be published. 

From the financial point of view, paying the ransom was an easy decision. Unfortunately, decisions like this send the wrong message. They embolden other groups going forward. 

“I can’t say I’m surprised, but it’s certainly disappointing,” says Brett Callow, a threat analyst at antivirus company Emsisoft, about Colonial Pipeline’s decision to pay the ransom.  

“Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.” 

For the same reason, the FBI and other law enforcement groups discourage ransomware victims from paying the ransom. They recommend focusing on improving their defenses and recovery capabilities instead. 

Prevent Weak Security from Leaving Your Clients Waiting in Line 

As dangerous as they are, you can avoid ransomware attacks by following basic ransomware prevention best practices: 

Require MFA 

Multi-factor authentication is an authentication method that requires the user provide two or more verification factors to gain access to a resource (e.g., application, online account, VPN). You should use MFA wherever possible.  

In many cases, it is included with your subscription (e.g., M365, Google, etc.). Be sure to enable it if it is not already. 

Cybersecurity Awareness Training with Simulated Phishing Attacks 

Hacking groups rely on social engineering techniques to obtain credentials that allow them to evade established cybersecurity defenses with minimal effort. Employees should learn how to recognize them by completing cybersecurity awareness training. 

Backup and Recovery 

Ransomware attacks are effective because organizations can’t afford to lose their data. You can save yourself the loss by creating backups of important data and storing it offline in an encrypted format. That way if suffer an attack, you can wipe affected devices clean and recover everything you need do your work. 

Cybersecurity Response Plan 

You should have a documented, written plan to guide your response to a ransomware attack. The plan should: 

  • Describe everyone’s roles and responsibilities 
  • Detail mandatory notification procedures 
  • Include other essential information 

Activity Monitoring 

Ransomware leaves behind an easily recognizable signature on the network. There are many tools and solutions that can spot it early – giving you time to act. 

Regular Patching 

Unpatched vulnerabilities are like secret unlocked doors that invite attackers to come in and wreak havoc. To close these doors, you need to update all hardware and software on your network as soon as possible. 

Additional reading: Check out this blog for 16 fundamental cybersecurity elements. 

We are passionate about helping leaders like you leverage technology to grow and secure your business. Feel free to contact us if we can be of assistance or to learn more about our managed cybersecurity services. 

Subscribe to our monthly newsletter
to get exclusive IT and cybersecurity insights.

    Filter articles

Latest Articles

Contact us to get started today!

Call us at (703) 740-9797 or fill out the form below to schedule your free consultation. We will get back to you shortly.

*All fields are required.

This site uses cookies to optimize functionality and give you the best possible experience. If you continue to navigate this website beyond this page, cookies will be placed on your browser. To learn more about cookies, click here.