On May 7, a DarkSide ransomware attack hit the largest oil pipeline in the U.S., causing a shutdown of 5,500 miles of critical pipeline and crippling operations.
The results of the attack include fuel shortages, increasing gas prices, and long lines and/or dry pumps across the East Coast of the U.S.
The Colonial Pipeline shutdown is expected to cause continued shortages since the company is responsible for 45% of the East Coast’s fuel supply, including gasoline, diesel, jet fuel, home heating oil, and fuel for U.S. military use.
This incident is an example of the severe threat ransomware poses to organizations and the real-world impacts these attacks can cause.
In this blog, you will:
- Discover why the pipeline shutdown occurred and why it matters to you
- Understand more about the criminal group who carried out the hack
- Learn about the actions being taken to prevent future attacks
- Find out how you can do your part to improve your cyber security today
Why is the Colonial Pipeline shut down?
Colonial Pipeline released a statement announcing the cyberattack and disclosing that they “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations” and froze IT systems.
Following the attack, the FBI confirmed the DarkSide ransomware group perpetrated the Colonial Pipeline attack. The company is currently continuing to work with the FBI to investigate the attack.
As a result of the attack, the USDOT Federal Motor Carrier Safety Administration (FMCSA) issued an emergency declaration on May 9 to bypass standard restrictions, providing regulatory relief to mobilize land transport of fuel and expanding the working hours of drivers to compensate for the company’s shutdown.
Who is the DarkSide ransomware group?
DarkSide is a ransomware-as-a-service variant, first detected on a Russian-language hacking forum in August 2020.
According to Krebs on Security, DarkSide claims it explicitly targets large companies and instructs affiliates to exclude industries including healthcare, funeral services, education, public sector, and non-profits from their attack targets.
The New York Times reports that FBI, Energy Department, and White House officials believe “the attack was the act of a criminal group, rather than a nation seeking to disrupt critical infrastructure in the United States”.
However, they also acknowledged that at present, these criminal groups have “loose affiliations with foreign intelligence agencies and have operated on their behalf” in the past.
Krebs On Security reported that New York City-based cyber intelligence firm Flashpoint has a “moderate-strong degree of confidence that the attack was not intended to damage national infrastructure and was simply associated with a target which had the finances to support a large payment”.
This analysis concurs with the U.S. government agencies’ current knowledge of the attack.
Additionally, the DarkSide group released a statement regarding the “apolitical” nature of their intentions and their “goal…to make money, and not [create] problems for society”.
How can similar cyber attacks be prevented in the future?
Continual cyber security diligence is key to minimizing the threat of ransomware.
While everyday attacks on small and medium-sized businesses may not make the headlines like critical infrastructure and government agencies, smaller organizations are equally responsible for ensuring the security of the future.
Lax cyber diligence, especially during acquisitions and mergers between corporations, creates vulnerabilities throughout the entire supply chain for ransomware criminals to exploit.
Cyber security is everyone’s responsibility, from small-business employees to the executive branch of government, and collaboration to mitigate ransomware risks is a vital step.
The Colonial Pipeline attack follows efforts by the Biden administration to crack down on cyber crime. However, a game plan to deal with impactful attacks such as this has not been constructed.
As of May 10, the White House declined to comment on how Colonial Pipeline or similar private sector victims should respond to ransom demands, according to Reuters.
Regarding the choice of whether to pay the ransom or not, Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger stated that it “is a private-sector decision and the administration has not offered further advice at this time.”
However, Neuberger continued, stating that “given the rise in ransomware, [ransomware response] is one area we are definitely looking at now, to say what should be the government’s approach.”
On May 11, the White House released a fact sheet detailing the launch of an all-of-government effort to address the Colonial Pipeline incident.
Regardless of the specifics of how high-profile attacks like the Colonial Pipeline hack are handled, one message is clear: ransomware is an imminent and increasing threat to all organizations, and proactive protections are vital to avoid catastrophic consequences.
How to reduce your risk of ransomware today
Taking responsibility for your organization’s security and implementing proactive cyber security products and practices will reduce your risk of becoming a victim of ransomware.
Creating a ransomware incident response plan and encouraging all staff members to participate in a robust cyber security culture can improve ransomware prevention and remediation efficiency and effectiveness.
At Proven Data, we are committed to helping organizations navigate ransomware attacks. More importantly, we are passionate about helping you safeguard data and devices to prevent ransomware attacks from occurring in the first place (we even produced a documentary about it with Fmr. FBI Special Agent Patrick Gray of the Computer Crimes Squad).
If you are a recent victim of a ransomware attack or would like to learn more about how to implement proactive security services for your organization, reach out to our cyber security experts to get started.