EXECUTIVE SUMMARY:
Warnings of cyber attacks that weaken critical infrastructure have been issued for years. Late last week, one of the largest US fuel pipelines was paralyzed by a ransomware cyber attack, according to this CNN report. The cyber crime forced the shutdown of Colonial Pipeline’s gasoline transport to 17 eastern states.
Colonial Pipeline Co. operates a 5,500-mile pipeline that delivers 45% of the gasoline and jet fuel supplied to the U.S. East Coast. The company carries 2.5 million barrels a day.
Here are the latest facts about this attack:
- The FBI confirmed the ransomware attack was committed by “DarkSide,” a Russian criminal group.
- DarkSide claimed credit, indicating that their motivation was “only to make money” and that they were not acting on behalf of any foreign government.
- DarkSide is a relatively new, fast-growing ransomware group that has been around since August 2020.
- The BBC reported that almost 100 gigabytes of Colonial’s network data was taken hostage.
- Eighty-five percent of the US infrastructure is owned and operated by the private sector.
Colonial Pipeline was able to restart smaller lines between fuel terminals and customer delivery points; however, the main lines remained shut. Repercussions such as high gasoline prices are possible because of this event. Gasoline production will also need to be reduced should the pipeline continue to be shut down.
Ransomware attackers have increasingly preyed on perceived ‘soft targets,’ including schools, local governments, and hospitals, among others. Even COVID vaccine supply chain organizations have been attacked.
The Justice Department claimed 2020 was “the worst year to date for ransomware attacks.” Ransom demands exceeded $100,000 and, in some cases, reached tens of millions of dollars.
Ransomware strikes without warning. It penetrates your organization through the web, email, or removable media devices. Without focused ransomware detection, you run the risk of an attack bypassing your traditional security products. The impact of a successful ransomware attack can be devastating, crippling your business for days, months, or even longer.