Colonial Pipeline: How to Avoid Ransomware
How the most harmful cyberattack on U.S. critical infrastructure could have been avoided and what you can do to safeguard your business.
If we have learned anything as a nation in the last year, let us acknowledge that we are vulnerable. In a short period of time, we experienced a global pandemic, soaring rates of cybercrime, and a flurry of other shocking news headlines.
At NOYNIM IT Solutions, we believe there is a fine line between fear and productivity. Our mission is to keep you informed about cybercrime trends, so you can best mitigate risk, get back to business, and reclaim some of your power in an increasingly volatile world.
This week, we shed light on the recent Colonial Pipeline cyberattack. We walk you through what happened, how it could have been avoided, and what you can do to safeguard your business.
What happened to Colonial Pipeline?
Colonial Pipeline is the biggest petroleum pipeline in the nation. According to the company, it provides the East Coast with 45% of its petroleum products, gasoline, and jet fuel. On May 6, 2021, Colonial confirmed that their IT systems were compromised by ransomware.
The company instantly shut down four mainlines that transport diesel, jet fuel, and gasoline. Four days later, Colonial’s CEO warned state officials of a possible fuel shortage. Shortly after, the East Coast was heavily impacted by the deficit. The pipeline was down for days leading to a spike in gas prices and panic buying.
As the situation developed, we learned that the attack hinged on a single leaked password. Hackers gained access through a legacy Virtual Private Network (VPN) account configured with single-factor authentication, meaning the password alone was enough to get in. This differs from multi-factor authentication, which we explain below.
Colonial ended up paying the $5 million ransom to regain access to its systems. Colonial CEO Joseph Blount Jr. reported that he made the decision to pay the threat actor, identified as the cybercriminal group DarkSide. In another turn of events, U.S. law enforcement officials reported this week that they were able to recover $2.3 million in bitcoin paid to DarkSide.
The Impact of Colonial Pipeline’s Breach
While Colonial’s situation caused damage, the reality is that it could have been much worse. Even if you pay a ransom, there is no guarantee that you will regain access to your systems or data. Additionally, the fact that they were able to recover part of the ransom speaks volumes about our collective attention to ransomware.
As a result of the attack, we now understand how urgent it is to protect our critical infrastructure from threat actors. Wired reports how “Hackers have digitally crippled and extorted hospitals, hacked law enforcement databases and threatened to publicly out police informants …” Fortunately, officials are taking proactive measures to mitigate ransomware.
For example, the Department of Justice (DoJ) recently launched a new task force assigned to combating ransomware attacks. Forbes reports “The new Ransomware and Digital Extortion Task Force will help track cyberattacks and digital extortion schemes.” Their first seizure was the $2.3 million in bitcoin recovered for Colonial.
The new DoJ task force looks very promising. This month, they began taking measures to elevate investigations of ransomware to the same level as terrorism. They believe prioritizing ransomware allows for comprehensive investigations. The Justice Department’s monumental move to direct resources toward ransomware demonstrates how the U.S. is taking these threats seriously.
What is Multi-factor Authentication (MFA)?
We should be grateful that officials are prioritizing ransomware. However, taking measures to proactively defend yourself against a cyberattack is still paramount. As we mentioned, the Colonial Pipeline attack occurred because of one legacy account configured with single-factor authentication. To defend against this kind of attack, all accounts should have been configured with MFA.
MFA adds a second, independent verification step to the account login. When MFA is configured, the authentication process requires multiple steps. First, you enter the correct account login information. Then, your identity is verified through a fingerprint, a smartphone application, or a secure USB key. Because a leaked password alone no longer unlocks the account, this simple method can make a huge difference in your overall security posture.
At NOYNIM, we recommend utilizing Duo MFA. Duo’s security process ensures that every user gets a push notification to their device when a login is attempted. Enabling Duo security is particularly important for Microsoft Office 365 & VPN. If you have questions about Duo, feel free to give us a call at 720.524.8616.
What can we learn from the Colonial Pipeline cyberattack?
- Focus on cybersecurity as part of your overall IT strategy & develop a modern cybersecurity plan
- Implement MFA on all accounts without exception
- Train your team on cybersecurity awareness
- When your IT becomes too much to handle in-house, hire an IT consulting firm
Affordable Cybersecurity Solutions
At NOYNIM IT Solutions, we provide affordable cybersecurity solutions and IT services to small and mid-sized businesses across the United States. NOYNIM was founded on the belief that all businesses, regardless of size, deserve the same centralized support capabilities as large corporations, but at a fraction of the cost. Our goal is to perpetuate the growth of your business, while helping you avoid the large overhead costs often associated with employing in-house IT staff. We handle your IT needs so you can get back to business. Learn about our services here or contact us.