Colonial Pipeline Ransomware Attack
A large-scale ransomware attack led the Colonial Pipeline to shut down its 5,500-mile gasoline pipeline. The pipeline is one of the largest conduits for gasoline in the country; it funnels nearly half of the gasoline used by the entire East Coast. This hack illuminates the reality that no industry, business, or organization is safe from ransomware attacks.
What do we know about the cyberattack?
Colonial Pipeline’s operator suffered what is believed to be one of the largest cyber attacks on oil infrastructure in United States history. In a ransomware attack, hackers take computerized systems hostage until a payment has been made. The attackers took nearly 100 gigabytes of data out of Colonial’s network in nearly two hours, and an undisclosed amount was requested as ransom.
The FBI confirmed that “DarkSide,” a hacker group originating in Russia, is responsible for the attack.
Eric Goldstein, executive assistant director of the cybersecurity division at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, shared the following with The Washington Post:
“We are engaged with the company and our interagency partners regarding the situation. This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
How to Protect Your Organization from Ransomware Attacks
Proactive prevention is the most effective defense an organization can mount against ransomware attacks. Dynamic Quest recommends that organizations take the following preventative measures to keep their computerized networks from falling victim to a devastating ransomware attack.
Proactive Prevention Measures
- Security Awareness and Training Program. Your end users are targets; educating your employees on how to identify and respond to threats will be crucial to prevention.
- Advanced Spam Filters. Implementing an email defense solution will help prevent phishing emails from reaching your end users and will reduce your overall risk.
- Firewall Protection. Configure firewalls to block access to malicious IP addresses.
- Monitoring & Patching. Patch operating systems, software, and firmware on all devices. Consider working with a managed service provider to have consistent monitoring and updates.
- Anti-Virus Solutions. Set up anti-virus and anti-malware programs that will conduct regular scans of your network.
- User Access Privileges. Define access for individuals based on roles. Limit administrative access to only essential employees.
- Configure Access Controls. Define access to file, directory, and network share permissions with the goal of minimizing access. If a user only needs to read files, ensure the settings allow viewing but do not offer unnecessary editing functions.
Backup & Disaster Recovery Solutions
- Implement Backup Solutions. To protect your organization from catastrophic data loss, it is essential to have a backup solution that benefits from a built-in standby server platform.
- Build A Disaster Recovery Plan. Work with a team of experts to build a disaster recovery plan based on your unique network.
- Annual Security Scans. Audit your network’s vulnerability regularly.
- Do not permanently connect backups to the network they are backing up. Securing backups in the cloud or physically storing backups offline will provide an easier recovery and response if you are infected.
Talk with Dynamic Quest
Ransomware is the fastest growing malware threat, and it does not discriminate by an organization’s industry or size. An effective prevention and response strategy will significantly mitigate the risk your organization faces.
Talk with one of Dynamic Quest’s cyber security professionals today to discuss what your business can do to protect your critical information.