Colonial Pipeline was hit by a ransomware attack earlier this month, threatening the fuel supply for much of the East Coast. With these types of attacks happening more and more frequently, it’s important to see what we can learn from them, and how to better protect ourselves going forward.
Chris Chase from Directive breaks down some fantastic takeaways from the Colonial Pipeline attack.
There’s a Ransomware Industry Here
Darkside, the brains behind the Colonial Pipeline attack, are what you could call established in their “industry.” They’re decentralized, working with other hackers to do the work and split the pot (and the pot is at least $60 million so far).
The most dangerous aspect of this is that Darkside actually does most of the dirty work themselves. The other hackers simply come in and fill in the gaps. That makes it much easier for another Colonial Pipeline to happen, as even amateur hackers need only consult Darkside to break into the game.
It’s Not Just Extortion to Look Out For
Darkside held Colonial Pipeline’s data hostage, and would only return the data untouched for the agreed-upon ransom. Classic extortion. The only hitch is that Colonial Pipeline had backups of that data, and should have been able to simply access that backup on a new system that Darkside didn’t have access to. So why didn’t they?
The reason is a tactic called double extortion. Darkside not only took over the data on Colonial Pipeline’s systems, they also threatened to leak that data if the ransom wasn’t paid. It goes to show just how complicated and dangerous these situations can become.
Cybersecurity Will Be Made More of a Priority
If you’ve been keeping up with cybersecurity news, you know Colonial Pipeline is far from the only company or organization recently hit by such an attack. The upside to these attacks is that cybersecurity is becoming more of a priority.
For example, we now have an executive order from President Biden aimed at improving cybersecurity in both the government and private sector, bringing federal attention to such an important issue. That attention will only increase as more attacks occur, which, in theory, should better protect our private and public systems in the future.