designDATA’s Security Experts Speak on the Colonial Pipeline Ransomware Attack


Colonial Pipeline announced a major security breach in May, making the enterprise the latest victim of a high-profile cyberattack.

Ransomware attacks have become more common in recent months, and so have multi-million dollar payouts to those carrying out these attacks. Hackers have become more professional, and cyber-extortion has become a lucrative business, with cybercriminals extorting vulnerable enterprises for millions of dollars.

As we saw in the Colonial Pipeline ransomware attack, these attacks can have a significant economic impact.

Read on to learn more about the Colonial Pipeline ransomware attack and its consequences.

What happened?

On May 7, Colonial Pipeline was the victim of a ransomware attack targeting its business operations network. After discovering the breach, Colonial Pipeline proactively took specific systems offline, shutting down its operational technology (OT) network and 5,500-mile gas pipeline, one of the largest in the US.

The attack had ripple effects, leading to rising gas prices, panic buying, and the closure of thousands of gas stations, causing a significant energy crisis on the US East Coast.

To carry out such an attack, the criminals first enter an organization’s network to steal sensitive data, then launch ransomware that encrypts the files, making it impossible for the organization to operate. They demand a ransom to unlock the system and may also threaten to reveal confidential information, sometimes sharing sample pages with their victims as leverage.

In the Colonial Pipeline ransomware attack, the stolen data was uploaded onto the attacker’s leak website. The victims then received a page URL showing what could be revealed if they did not pay the ransom. Colonial Pipeline ended up paying $4.4 million in bitcoin to the hackers to restore its systems.

Who was responsible?

On May 10, the FBI confirmed that DarkSide was responsible for compromising Colonial Pipeline’s networks. DarkSide, a cyber gang believed to be operating from Russia, first emerged in August 2020 and has since carried out dozens of targeted cyberattacks.

The group later claimed that it did not intend to compromise critical infrastructure or disrupt energy supplies but was acting purely for financial gain. Nevertheless, the attack had far-reaching consequences, even prompting President Joe Biden to issue an executive order to strengthen cyber defenses and create a federal response to cyberattacks.

“DarkSide effectively operates as a business. It develops tools to carry out ransomware attacks, using the ‘ransomware as a service’ model and selling these tools to affiliates to carry out cyberattacks,” explains Jonathan Roy, Director of Security and Compliance at designDATA. “While DarkSide has claimed it won’t target essential services like healthcare, education, and the non-profit sector, not all cybercriminal groups have this same philosophy. Many seek to target such organizations for their financial gain.”

How can designDATA help?

The Colonial Pipeline attack demonstrates how even a seemingly unsophisticated ransomware attack can have devastating consequences.

From an employee unwittingly opening an email attachment containing ransomware to a malicious insider deliberately providing access to an organization’s network, there are many ways in which these criminals target their victims. Business leaders need to be proactive in implementing good cybersecurity practices to protect their organizations.

designDATA’s experts will take the time to understand your business and help clarify your security priorities to build a solution that keeps your organization’s data and networks secure. We can help your enterprise build a comprehensive Incident Response Plan to ensure you are fully prepared for the possibility of a cyberattack.