The recent Colonial Pipeline ransomware attack was one of the biggest news stories of the moment, and it's still affecting gas production and delivery in some parts of the country.
The Pipeline hack has also brought to light many larger issues for a lot of organizations globally. Namely, how can they protect against similar attacks?
One of the best ways to prevent ransomware attacks is through the implementation of zero-trust security protocols and architecture, but before you can invest in that, it’s good to know why it’s relevant.
Below are more details about exactly what happened with Colonial Pipeline, which may serve as a motivator if you’re on the fence about making organizational cybersecurity changes.
The DarkSide Hacker Group
It's believed DarkSide is the group involved in the attack against Colonial Pipeline. They received a total of $90 million in bitcoin ransom payments before they shut down.
When they attacked Colonial Pipeline, the company had to stop operations on around 5,500 miles of pipeline. That led to problems with gas delivery and shortages, primarily in southeastern states.
The DarkSide cybercriminal group is thought to be from Eastern Europe, and Colonial paid a $5 million ransom to them.
DarkSide operates a ransomware-as-a-service model. What that means is that hackers create and market ransomware tools, much like a vendor would market software and cloud services. Then, they sell those tools to other cybercriminals who actually carry out the attacks.
Ransomware is a type of harmful software that blocks access to a computer system, data, files, or applications. It may encrypt those files.
The hackers carrying out these types of attacks demand a ransom payment which is usually made with cryptocurrency.
Then, in exchange for that ransom, they will restore the user's access or decrypt the files, although there's no guarantee they'll hold up their end of the bargain.
Elliptic, a blockchain analytics company based in London, recently said it identified the bitcoin wallet DarkSide uses to receive ransom payments.
At the same time as that identification was made, researchers discovered DarkSide had closed down because it lost server access, and its cryptocurrency wallets were emptied. DarkSide allegedly said this was due to pressure from the U.S.
Elliptic said DarkSide and its affiliates had taken in at least $90 million in ransom payments from 47 different wallets. The average payment was estimated at $1.9 million.
While bitcoin transactions don't carry identifying information, the ledger is public, so researchers can see where funds are being sent.
A division of Toshiba said its European unit had been hacked around the same time as Colonial Pipeline, and it blamed that attack on DarkSide. Ireland's health service also faced an attack around the same time.
The DarkSide group has been launching attacks for around three years, and they started with lower ransoms. For example, they would ask for tens of thousands of dollars rather than millions, and they would carry out anywhere from eight to ten attacks each month.
Analysts say in the past few months, they’ve been getting bigger and bolder in what they demand.
Biden Administration Issues Executive Order
After the Pipeline attack, the Biden administration issued an executive order called “Improving the Nation’s Cybersecurity.” The EO was already in the works but was likely sped up because of the attack.
The executive order affects primarily the federal government and agencies, but some federal contractors will also be impacted. The private sector may similarly be influenced.
Among the items included in the EO is the removal of barriers in contracts between the federal government and its IT service providers. The goal of this aspect of the EO is to increase and improve information sharing about threats, risks, and incidents.
The EO seeks to modernize the approach to cybersecurity by adopting the zero trust architecture mentioned above. Other ways the EO calls for cybersecurity to be modernized include centralizing access to cybersecurity data and using more analytics to identify and manage risks.
The EO will standardize the federal government’s response to cybersecurity incidents, improve detection in government networks, and establish a Cyber Safety Review Board.
The Executive Order is working to improve software security with the establishment of baseline standards for all software sold to the government. Developers will be required to provide visibility into their software, and they’ll have to make security data publicly available.
A Larger Issue
The Colonial Pipeline attack brought attention to a growing issue.
Ransomware attacks are getting more frequent and more severe, and the methods are more sophisticated.
Targets have included federal and local government agencies, police departments, water treatment plants, and solar power firms.
To this point, the Pipeline attack has had the most impact, and it led four states to declare a state of emergency.
However, it’s likely just the beginning.
The city of Baltimore faced a ransomware attack in 2019, and it didn’t pay the demanded ransom, which was 13 bitcoins. At the time that would have been just over $90,000. Instead, they handled their own recovery, but it ended up costing them more than $18 million.
Despite the payment by Colonial Pipeline, the FBI's guidance is not to pay the ransom, because there's no guarantee your organization will get its files back and paying incentivizes other attackers.
However, companies face a tough and nearly impossible situation when they are the victim of ransomware attacks. If their data is encrypted and it’s not backed up, there’s no other way to recover it.
This brings up the importance of first having the right security measures in place. As has been mentioned several times, zero-trust security architecture seems to be the model of the future because it trusts no one inside or outside the network. Employee training and understanding the human element of ransomware attacks are important, and having cybersecurity insurance can provide another layer of protection if you do have to pay the ransom.