Article by Shane Laing, Luminant Digital Security
On Friday, May 7th the U.S. Colonial Pipeline Co. which distributes nearly half of all the gasoline and jet fuel used on the U.S. East Coast, experienced a ransomware cyberattack causing the company to shut down its fuel supply operations. Despite Colonial’s decision to pay the nearly $5 million ransom for the decryption key in hopes of quickly recovering their data, the decryption process was so slow that Colonial had to revert to recovering from backup. Five days later Colonial finally resumed fuel shipments, a delay that massively impacted the U.S. fuel supply chain leaving many gas stations dry and consumers without fuel. This attack is one of the most significant critical infrastructure ransomware attacks in the U.S. to date.
What is Ransomware?
Ransomware is a type of malicious software that locks the victim organization out of its data through encryption. Attackers offer to provide the key to unlock your data if you pay the requested ransom amount, usually payable in cryptocurrency.
How do the bad guys get in?
Ransomware is often the result of criminals taking advantage of organizations with unsupported or unpatched software, malicious email attachments, poor privileged user account management or insecure remote access. After gaining access to an organization’s network, cyber-criminals will steal copies of its victim’s data, leaving the victim with encrypted files they can no longer access. The victim is forced to recover from backup or pay the ransom. If the organization refuses to pay, the attackers apply further pressure by leaking the companies files to the dark web. The Colonial Pipeline attack is just the latest in an ever-increasing wave of cyberattacks that have been occurring around the globe and affecting organizations in every industry and sector.
I’m not a target, am I?
From the small-to-midsize business (SMB) owner perspective you may ask, if a large corporation like Colonial Pipeline wasn’t able to fend off such a crippling cyberattack, how can the average SMB possibly manage to protect itself? You may also wonder why cyber-criminals would want to target your business in the first place? The reality is that for the non-politically motivated cyber-criminal, their goal is simply to get paid. This is organized crime; they treat it like a business and an opportunity is an opportunity. If you’ve left the door open, as so many SMBs do, someone will eventually walk in and ask for your money. Neglect, denial, and assumptions are what opens the door to a cyber-attack.
What can I do?
The most common reason an organization (of any size) suffers a ransomware attack is because they’ve overlooked something in their environment, not because the attacker is a cyber-mastermind. The good news is that there is hope, but you need to have a plan; Luminant can assist you in developing a strategic cybersecurity plan. Additionally, the following tips will go a long way to lowering your risk of becoming a ransomware victim and reducing the impact if you do:
- Keep your house clean, maintained, and the windows and doors locked.
- Train your people so they can identify a scammer when they come knocking.
- Know where your important stuff is and how it’s protected.
- Know the who, how and why around access to said stuff.
- Get 100% clarity on vendor responsibilities in your contracts.
- Get clarity on your vendor’s security practices (and your vendor’s vendors’ security).
- Incident Response Plan: when the house is on fire, everyone should know what to do.
- Have multiple backups and test recovery (regularly).
- Make friends with law enforcement and line up your legal representation.
- If all else fails, do you have insurance?
While digital extortion will continue to be a fact of life in the modern business world, how much a cyber-attack may impact your business in the future depends on the choices you make today. If you have questions, concerns or need assistance navigating the cyber-risk landscape, Luminant Digital Security is here to guide you through the darkness. Contact us today or visit our website here for more information.