Colonial Pipeline made the headlines recently after being hit on May 7 by ransomware. The attack was so successful that it led to a complete shutdown of operations. While the exact cause of the attack hasn’t yet been made public, similar attacks have been traced back to unpatched vulnerabilities, compromised user credentials, and simple phishing email messages. Here are some more details.
With the crisis unfolding, Colonial explored various options and ultimately decided to pay the ransom and hope for the best. The ransom was $4.4 million in Bitcoin. Colonial worked with a professional team who negotiated with the attackers and worked to ensure they held up their end of the bargain.
After Colonial paid the ransom, the pipeline resumed operation, but the damage continued. The pipeline took several days to return to running at full capacity, and ultimately Colonial had to rely on internal backups. Full internal recovery will probably continue for months.
So what are the takeaways?
- Colonial had spent $200 million on IT, proving that it takes more than just technology to prevent an attack. This is why we emphasize end-user security awareness training to all our clients.
- The fact that Colonial felt that paying the ransom was their best option means that we’ll almost certainly see an increased level of cyber attacks in the months ahead. It’s a good return for cybercriminals – anyone can pay a ransomware-making service less than $200 to have a ransomware attack package made for them.
- Don’t leave yourself without a plan. There is no 100% foolproof way to prevent a ransomware attack, so be ready.
If your organization doesn’t have a plan for preventing and, if needed, recovering from a ransomware attack, contact us today and learn how we can help your business prepare.
Everyone stay safe out there!