Pipeline Hack Exposes Cybersecurity Weaknesses to Energy Companies
As widely reported in the press, the recent ransomware attack that took down the Colonial Pipeline and affected many people on the East Coast has been reported to originate in Russia. Some news outlets report that a $4.4 million ransom was paid; however, that information is being disputed by some officials. Although the pipeline is operating normally again, some states still have gas shortages.
There are two interesting twists to this story. First, the hackers apparently built in a fail-safe: if you have a Microsoft operating system that has a keyboard sold by Russia or Ukraine, the ransomware does not infect your machine. Second, the organization (DarkSide) was subsequently attacked: its servers were seized, and the funds from the founders were transferred to an unknown account.
More detailed information on this incident can be found in the following articles:
- Try This One Weird Trick Russian Hackers Hate – Krebs on Security
- DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized – Krebs on Security
- Colonial Pipeline Shells Out $5M in Extortion Payout – Threatpost
Preventing ransomware from affecting your systems should be a key strategic item for all organizations. A few preventive strategies include network segmentation, enhancing email filters to prevent phishing emails, training employees to recognize phishing attempts, preventing executable files from being installed at the user level, and disabling USB drives. Short of prevention, or paying the ransom and hoping the hackers return your information, recovery is your last option, so make sure you have current, air-gapped “full” backups available for reinstallation to avoid significant downtime.
President Biden’s recent executive order makes it clear that our nation needs to tighten up our cybersecurity efforts. BKD Cyber professionals can help train your team on methods and best practices for lowering your cyber risk, as well as how to appropriately respond to a cyberattack to help mitigate your losses. Our training is tailored to various individuals across your organization, from employees to the board of directors. Please contact us using the form below or visit bkdcyber.com for more information.