Colonial Pipeline to Restore Operations After Cyberattack

It’s been over a week since the critical infrastructure at Colonial Pipeline was hit by a cyberattack, causing the company’s operations to halt and preventing it from distributing oil from Texas to the east coast. It is estimated that the company paid a ransom of approximately $5 million in bitcoin in order for the hackers to make the company’s systems and network available again. Even though the company was able to begin the process of restoring its technology, the fact that it had to pay the hacking group sets a terrible precedent. Ransomware is a common form of malware that cybersecurity professionals are constantly working to identify and mitigate. Now other companies may choose to pay a ransom to hacking organizations rather than invest in the cybersecurity resources they need to bring their assets back online. Also, Colonial Pipeline was lucky in this scenario because the hackers actually followed through with their promise to restore the company’s technology. Typically, when someone pays a ransom it only makes things worse because the hacking organization chooses to keep the money and not restore access for the company.

It is a good cybersecurity practice to never agree to pay hackers for access to systems and networks. There is no guarantee that they will restore that access; therefore, the Department of Homeland Security and the Department of Defense recommend that victims of ransomware refrain from paying hacking groups 100% of the time. These departments recommend allocating cybersecurity resources and collaborating with third-party vendors that can help the company get back online and manage its critical infrastructure. The unfortunate reality is that far too many individuals and companies are paying the ransom, which emboldens hacking organizations to commit cyber crimes against other organizations.

It is also important to note that companies should have an information security policy that outlines how they back up their data. Companies that implement this strategy can often get their systems up and running again more efficiently, because they have backups they can load to restore data to a particular point in time that hopefully falls before the systems were compromised by the hackers. Companies that do not have sufficient backups are more likely to pay ransoms; this is a rising trend in cybersecurity, and it is an area where cyber professionals can assist companies on an ongoing basis by implementing information security policies and executing an efficient backup strategy.

The hacking of Colonial Pipeline is a unique circumstance because hacking organizations usually try to disrupt the supervisory control and data acquisition (SCADA) components of a company’s system. The hacking group, DarkSide, used ransomware to attack Colonial Pipeline’s business information and shut down communication between its devices, which had an adverse effect on the company’s ability to distribute oil to the east coast. DarkSide also attacked the company’s billing system, leaving the company unable to distribute oil and bill its customers.

It’s been a long week for Colonial Pipeline, but now they are starting to bring their operations back and should be able to distribute oil more efficiently in the next couple of days.
