18 May Colonial Pipeline Ransomware Attack
In May of 2021, the United States experienced what many are referring to as the largest cyberattack to ever take place on an American energy system. The cyberattack left a major US oil pipeline offline for several days, causing a period of mild panic as gas stations experienced shortages and gas prices began to surge.
Colonial Pipeline Company was targeted by an attack from a criminal organization based in Eastern Europe. The Colonial Pieplien Company is a Georgia-based company that operates the largest petroleum pipeline in the US, carrying 2.5 million barrels of gasoline, jet fuel, and diesel each day. The pipeline is responsible for providing nearly half of the Eastern United States’ fuel supply.
The attack began on May 6th and hackers were able to steal nearly 100 gigabytes of data before computer systems were frozen, according to Bloomberg.
How the Breach Occurred
Colonial has not yet provided details on how the hacker group was able to gain access to their systems and cause the shutdown. However, we know that the company used ransomware, a type of malware that is designed to encrypt files on a system to make them unusable. The hackers threatened to both leak the stolen data and keep system files encrypted unless their demands were met. While we are still waiting on full details to be released, it seems that Colonial paid the hackers $5 million in order to restore their operations.
Upon taking office, President Biden has signed an executive order to strengthen the federal government’s cybersecurity standards for software and technology services that they use. This instance will no doubt support that effort.
How to Stay Protected
Ransomware works by finding a path into the system and quickly spreading to all connected systems to lock and encrypt as much data as possible. This malware is most commonly spread by phishing emails or tricking employees into downloading fake files. So, what steps can you take to secure your organization?
The first step is to perform frequent backups of all of your data. In the instance of a ransomware attack, if you are able to replace most or all of your data, it can save your company millions. System backups should occur automatically and at regular intervals. These backups should be moved to a device that is inaccessible from a network to ensure it is protected from a potential malware spread.
The second step is to be proactive in preventing ransomware infections. This includes ensuring all systems and applications are updated and patched to remedy any identified vulnerabilities. Preventative software such as antivirus, email filters, and firewalls are crucial to security. Keep these updated as well.
The third step is to train your organization. As a breach is often due to human error, training staff on cybersecurity awareness and best practices is a necessary step. This includes establishing policies for email interactions and attachments, website usage, connecting to company networks, etc.
Make sure you’re protected by performing all the necessary assessments and implementing the required policies and controls. RiskWatch software enables you to reduce exposure to liability, manage risk, monitor and maintain cybersecurity, and track continuous improvement. Sign up for a free account today so you can see firsthand how to improve your program. We allow 3 free assessments on your account and provide free content libraries, such as to assess your cyber risk.