Colonial Pipeline Ransomware Hack Reinforces the Need for a Tape Air Gap to Support 5 Best Practices Recommended by the FBI
Ransomware attacks used to be relatively simple, if unpleasant, affairs. A device would be compromised, the user locked out, and a ransom notice would appear: Pay up if you want to access those files again. On an organizational level, hackers would sometimes gain enough presence in the network to be able to lock IT and users out of their systems. Many of these attacks would go largely unnoticed, even unreported with minimal impact to anyone except the victim organization.
But the Colonial Pipeline hack added a more sinister element – shutting down the pipeline backbone that provides 45% of the gasoline consumed by most of the U.S. eastern seaboard. Gas prices spiked as supplies began to run out. Lines appeared as panic set in at the pumps. The pipeline operator acted quickly and made a ransom payment of $4.4 million dollars in bitcoin to the cybercriminals behind the breach. In return, they provided Colonial with a decryption tool to regain access to their systems. Not surprisingly, the decryption tool turned out to be less than effective, forcing Colonial to restore from existing backups anyway.
But the success of the attack and money paid over is likely to embolden hackers to go after even more lucrative infrastructure targets. That’s why the FBI strongly advises organizations not to pay a ransom. It’s not unlike the policy of refusing to negotiate with terrorists. Paying the ransom not only emboldens the criminals, it does not guarantee complete recovery or prevent repeated ransomware attacks. The more you give in to their demands, the more likely they are to try again.
But Colonial Pipeline paid after careful consideration of what was best for all those that depend on its infrastructure. Some are now wondering if the FBI will carry out its threat to fine Colonial and those who do decide to pay out a ransom. This remains to be seen. Yet, in the high-stakes game of oil and gas, any fine is likely to be no more than a minor inconvenience compared to the potential revenue and profits at risk – perhaps one of the motivations behind the company paying fairly soon after the attack.
Brazen Attacks on the Rise
Expect, then, even more brazen and perhaps costly attacks on U.S. infrastructure, government, industry, and essential services. Remember the SolarWinds saga from earlier in the year? The vulnerabilities of the U.S. Government and its software contractors exposed in this case prompted the White House executive order on “Improving the Nation’s Cybersecurity” issued on May 12th. The fall-out from the Colonial Pipeline attack will likely lead to stiffer regulations imposed on pipeline operators and other critical infrastructure players. The broader market needs to pay attention, too, as the frequency of ransomware continues to rise:
- Department of Homeland Security figures show a 300% increase in ransomware in 2020 compared to the previous year.
- Small business targets paid out $350 million in ransoms last year.
- Attacks on schools, local government systems, and healthcare providers have risen sharply.
- And the volume of ransomware victims is expected to rise sharply this year.
Most organizations are understandably far more focused on their primary mission than on instituting cybersecurity measures. This often makes them easy targets. All it takes is one slip by IT or one gullible user and the bad guys can move in and do their damage. Increasingly, that damage involves ransomware.