Until recently, many of us considered ransomware a distant threat—something that happened to others but never directly affected us. That may have changed after the cyberattack on Colonial Pipeline, which operates the largest fuel pipeline on the East Coast of the United States, carrying gas from the Gulf Coast to New York.
On Friday, May 7, the private company revealed that its data systems had been compromised and its pipeline shut down as a precautionary measure. Three days later, gas shortages started rippling across the Southeast. The next day, the Federal Bureau of Investigation (FBI) announced that DarkSide, an organized hacking ring, had attacked one of the most vulnerable segments of the US energy system.
Panic buying ensued in states like North Carolina, where 75% of stations were out of gas. Those that maintained supplies became the scene of mile-long lines, heated arguments, and accidents caused by people reportedly pumping gas into plastic bags. Colonial Pipeline announced the following day that it had restored service to the pipeline, stabilizing gas supplies. Then, 48 hours later, the company capped off the head-spinning week by revealing it had paid DarkSide $5 million in Bitcoin to regain control of its data and restore its software systems.
While short-term fears about gas shortages and infrastructure vulnerability may be subsiding, the long-term realization may be more devastating: if ransomware can cripple half the nation’s gas supply and threaten a host of critical inter-related industries in the space of a week, the threat must be real.
So how bad can ransomware be?
This attack was so bad that Colonial Pipeline tried to avoid revealing any information—about cybersecurity protections it had in place before the attack, about the affected parts of its computer networks, or even about whether the physical pipeline itself was ever infected. When reports emerged about the $5 million ransom payment, the company initially wouldn’t confirm or deny them. Colonial Pipeline also didn’t respond to the criticism that paying the ransom could embolden other criminal groups or rogue states to sabotage American companies by compromising critical information.
Concerned about the precedent set by Colonial Pipeline’s decision to pay the $5 million ransom, the federal government has ramped up its attention to cybersecurity issues, announcing executive orders and disruptive responses to shadowy groups like DarkSide. In the wake of the Colonial Pipeline attack, the FBI issued an emergency alert to electric utilities, gas suppliers, and municipal governments to be extra cautious with suspicious emails, unfamiliar computer alerts, or unknown code. The Colonial Pipeline attack comes on the heels of other recent incidents involving hospitals, water treatment facilities, and even police departments.
How can you keep your business safe?
CMIT Solutions has compiled the following five suggestions based on our 25 years of experience protecting businesses and current guidance from cybersecurity organizations.
1. Back up your data.
Anne Neuberger, the White House’s Deputy National Security Adviser for Cyber and Emerging Technology, told reporters last week that Colonial was “in a difficult position if their data is encrypted and they do not have backups and cannot recover the data.” If the company had reliable data backups in place, it could have avoided the financial and reputational impact of paying $5 million in ransom and simply wiped its systems clean. This is the most critical step to avoid a data disaster that disrupts your company’s operations.
2. Make sure a recovery plan is in place, too.
This step is just as important as the previous one—after all, data backup is only as useful as the protocol in place to retrieve it. Pairing backups with a recovery plan is the only surefire way to foil a ransomware attack and keep your business up and running in the wake of a cyberattack. If you work with a trusted IT provider, you can outline and understand this plan in advance—before a serious issue affects your company. When it comes to critical infrastructure like gas pipelines, last week showed us the necessity of this kind of plan.
3. Assess and enhance your network security.
The key takeaway here is that one layer isn’t enough. Today’s businesses deserve a multi-tiered approach that combines firewalls, traffic analysis, secure remote desktop protocols, multi-factor authentication, and incident response to extend cybersecurity to all systems and devices. As hackers continue to refine their malware and ransomware attempts, IT providers like CMIT Solutions strive to stay one step ahead of new developments in the cybersecurity landscape.
4. Automatically update and patch all systems.
It’s not clear yet which of Colonial Pipeline’s systems were compromised by hackers. But many past ransomware attacks have been deployed against outdated operating systems and legacy applications that don’t have the latest security patches and software updates in place. Working with a trusted IT provider, you can automate this process to run behind the scenes, keeping your computers safe without interrupting your employees’ day-to-day work.
5. Provide ongoing training and education to your staff.
Many strains of ransomware target end-users, using cleverly spoofed emails or too-good-to-be-true web ads to trick them into clicking infected links or downloading malicious attachments. These scam attempts are a matter of when, not if, so your employees can be trained to recognize common ransomware tactics and phishing attempts, providing your company with another layer of defense. After the initial training, ongoing education is essential to keep your business ahead of the curve and mitigate any future threats.
As cybersecurity threats evolve and the general public becomes more aware of ransomware’s impact, businesses across North America can leverage this moment to better protect their information and operations. However, that can only happen if we all take ransomware more seriously.
At CMIT Solutions, we identify and prevent significant threats before they occur. We work with our clients to deploy 24/7 cybersecurity to devices and data. We keep our finger on the pulse of the rapidly changing cyber threat landscape, devising new ways to protect businesses from ransomware, data breaches, and network intrusions.
Ready to prepare your company and take cybersecurity more seriously? Contact us today.