Colonial Pipeline: What You Need To Know About Ransomware

May 13, 2021



On Friday, May 7, the Colonial Pipeline, a pipeline responsible for transporting half of the East Coast’s fuel supply, fell victim to a ransomware attack. The attack halted the pipeline’s operations, and the shutdown persisted until Wednesday, May 12.

As gas prices skyrocket, panic-buying surges, and authorities scramble to establish alternate routes to transport the gasoline, diesel fuel, home heating oil, and jet fuel that the pipeline supplies, some people are asking, “Who’s in charge here?”

If major components of the country’s infrastructure can be hacked, so can many SMBs, if they don’t have proper protections and protocols in place.

A vast majority of ransomware attacks originate overseas, often in countries beyond the reach of American law enforcement. Most security experts generally agree that companies should not pay ransoms; indeed, in October 2020, the US Treasury issued an official advisory warning companies that they may be punished for paying ransom to hackers.

It is not enough, though, for public officials and security experts to curtly warn against paying ransom. A much more educational and proactive approach needs to be taken to address ransomware attacks, which increased more than 150 percent in 2020.

The COVID-19 pandemic forced a transition to remote work for many companies across the country. This created a great amount of opportunity for bad actors.

In 52 percent of the attacks analyzed by Group-IB researchers, hackers used publicly accessible remote desktop servers to gain access. Additionally, hackers used phishing techniques in 29 percent of attacks and exploited public-facing applications in 17 percent of attacks.

Ransomware costs billions of dollars every year. Beyond the average $178,000 ransom price tag, downtime can account for an additional $283,000. The average cost to recover from a ransomware attack is $1,450,000. Worse, insurance companies are not guaranteed to cover these costs.

Essentially, protection from ransomware begins before a ransomware attack even launches. Once an attack occurs, there is no guarantee you’ll be able to access your data even if you pay the ransom.

Protection from a ransomware attack should involve multiple layers of insulation and security. Antivirus and antimalware protection is obvious, but it must be more than this. Automated security, email filtering, and proactive maintenance are just the beginning. Employees must be educated on risks and recovery protocol to minimize risk and downtime.

To prepare for a potential ransomware attack, recovery measures must be implemented beforehand. These include thorough and timely backups of all your data, as well as the proper operating procedures to ensure that the recovery process is initiated as quickly as possible. This limits downtime and prepares you to return to work in a timely manner.

Tigunia offers ransomware protection planning and disaster recovery services, among other infrastructure services. If your company does not already work with Tigunia infrastructure experts, let us provide you with a second opinion. Reach out to schedule a meeting and we’ll get started.