Transporting nearly half of the East Coast’s fuel supplies, Colonial Pipeline suffered a cyberattack that halted their operations and caused a subsequent gas shortage. DarkSide reportedly attacked Colonial Pipeline with a ransomware to steal and potentially release 100 gigabytes of data unless a $5 million ransom was paid. This method, known as double extortion, involves cybercriminals encrypting stolen data, making it inaccessible and threatening to release the information.

Lessons Learned from the Colonial Pipeline Breach

There are several cybersecurity takeaways from the Colonial Pipeline attack, including these important lessons:

DarkSide’s ransomware operated as RaaS, meaning these cybercriminals subscribed to the tools to execute ransomware attacks. Previously, hackers needed coding expertise to be successful. However, through RaaS, unskilled and inexperienced users can carry out sophisticated attacks. RaaS empowers novice hackers by providing them with an easy-to-use system for deploying ransomware.

Double extortion increases the dangers of a ransomware attack. This technique goes beyond deleting data if a ransom goes unpaid; instead, cybercriminals threaten to leak the information. Colonial Pipeline did have access to backup data and could have wiped and restored their infrastructure without paying the ransom. The organization paid the ransom to prevent their data from being exposed.

Old and obsolete operating systems may be easier for cybercriminals to infiltrate. By exploiting vulnerabilities in an outdated network, cybercriminals can gain access to sensitive data and hold it for ransom.

Preventive Measures

Your organization can take the following actions to help ensure that ransomware attacks do not compromise your operations and data:

Conduct a Security Risk Evaluation                                                                                                                                             Take time to identify which of your business’ critical systems and assets are most appealing to cybercriminals. This will provide you with a better idea of how to prioritize protection. Employing a cybersecurity professional to conduct a penetration test on your security system will provide the most thorough evaluation, including additional areas of weakness and risk you could be unware of.

Update your business’ operating systems, applications and software regularly. Applying the latest updates improves systems, fixes problems and corrects any security issues discovered by developers.

The Multi-State Information Sharing and Analysis Center (MS-ISAC) reports that performing regular backups of important data is the most effective way to recover from a ransomware attack. Your organization should store all backups offline, out-of-band or in a cloud service so attackers cannot target them. You should also test regularly for efficacy.

Some of the most damaging cyberattacks occur as a result of human error. Training your employees on the importance of cybersecurity and how to identify scams can help your organization reduce the likelihood of becoming a victim.

Antivirus software can protect your business against many cyber threats, including viruses, spyware, malware, Trojans, phishing attacks, rootkits and spam attacks.

If an attack occurs, you should have an incident response plan ready with defined roles and communications that can be shared during an attack. Organizations that are extremely cautious and plan proactively will nest be able to minimize damage.

We’re Here to Help with Cybersecurity

To help you understand your current level of risk associated with cyberattacks, download our Cyber Risk Exposure Scorecard. For further information on the Colonial Pipeline breach or more tips on cybersecurity protection, connect with a member of our team.