K2E Canada Inc

The Colonial Pipeline Ransomware Attack: Lessons Learned

7/5/2021

 
By now, most are familiar with the ransomware attack committed against Colonial Pipeline. While the aftershock of this event will last for years, there are immediate lessons we can – and should – learn from this cybersecurity incident. In this article, we will examine what happened and what Colonial did in response. We will also look at what we can do to reduce the likelihood of becoming another ransomware victim.

Anatomy of the Colonial Ransomware Attack

As reported by multiple news outlets, Colonial Pipeline fell victim to a ransomware attack on May 7, 2021. The criminal group DarkSide claimed responsibility for the attack, which led Colonial to shut down a major pipeline that carries gasoline, diesel fuel, and jet fuel throughout the Southeast and Atlantic Seaboard portions of the United States. The ransomware hit Colonial's business (IT) network; the company halted the pipeline itself as a precaution while it assessed whether the operational systems that control the pipeline were affected. As a result, millions of people in the affected states experienced shortages of fuel, food, and other materials. Colonial initially did not disclose how the ransomware entered its network; in Senate testimony on June 8, 2021, the company's CEO attributed the initial access to a compromised password for a legacy VPN account that did not require multi-factor authentication. DarkSide purportedly stole about 100 gigabytes of data from Colonial the day before the encryption and allegedly threatened to leak portions of that data unless Colonial paid the ransom, a tactic now known as double extortion.

Colonial paid a ransom of 75 bitcoin (about $4.4 million at the time; early press reports put the figure near $5 million) within hours of the attack and received a decryption tool from DarkSide. However, the tool ran too slowly to be effective, so Colonial restored the network from its own backups instead. On May 12, Colonial indicated that it had begun restarting pipeline operations, and all pipeline operations were running normally as of May 15. In June 2021, the U.S. Department of Justice announced that it had seized approximately 63.7 of the 75 bitcoin after obtaining the private key for the wallet that received the payment.

What is Ransomware?

Ransomware is a form of malware that infects a computer or a network and encrypts the data, rendering it unusable. Generally, the attack's perpetrators offer to provide a "key" to the victim so they can decrypt the data and return it to a usable state. However, to receive the key, the victim must pay a ransom. Increasingly, the criminals also copy the data out of the network before encrypting it and threaten to publish it, so that a victim with good backups is still under pressure to pay. The perpetrators typically require the victim to pay the ransom with cryptocurrency because it is presumed to be untraceable. In practice, Bitcoin is pseudonymous rather than anonymous: every transaction is public, and in the Colonial case U.S. authorities were able to trace the payment and seize most of it. If the victim pays the ransom and the hackers provide the key in return, the victim can usually recover their data, although the decryption tools supplied by criminals are often slow or buggy. Unfortunately, in some cases, the hackers receive the ransom but do not provide the recovery key, leaving the victim without their data and without the money paid.

Lessons Learned from the Colonial Incident

We can learn many lessons from the Colonial Pipeline ransomware event, and these lessons extend to individuals and businesses alike. First and perhaps most importantly, we should understand that no individual, company, computer, or network is immune from the threat of ransomware. In fact, ransomware attacks increased 62% from 2019 to 2020, with 304,000,000 attacks reported in 2020, according to Statista. In business environments, ransomware knows no boundaries, impacting businesses of all sizes in virtually all industries. Therefore, if your company has not yet developed a response plan, now is the time to do so.

Ransomware Attacks Often Result from Phishing Emails

One of the most common means used by cybercriminals in ransomware attacks is phishing email. With this attack vector, the criminals send emails containing malicious links or attachments; if a recipient clicks the link or opens the attachment, the malware gains a foothold on the workstation, and the organization becomes yet another ransomware victim. Therefore, do not click links or open attachments in emails received from persons you do not know, or if you were not expecting links or attachments in the message. Better still, configure your mail filtering to quarantine or reject messages from outside the organization that carry executable or macro-enabled attachments, and to scan or rewrite links, rather than trying to block every message that contains a link or attachment, which is impractical for most businesses. Phishing also harvests passwords, so enforce multi-factor authentication on email and remote access; a stolen password is far less useful to an attacker when a second factor is required.
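As an added example that is not part of the original article, the following Exchange Online mail-flow rules quarantine or reject the attachment types phishing campaigns actually use, instead of blocking every message that carries a link or attachment. It assumes the Exchange Online PowerShell module is installed and that the operator has rights to manage mail-flow rules; the rule names, the extension list and the rejection text are choices made for this example.

```powershell
# Added example (not from the original article): Exchange Online mail-flow rules
# aimed at the attachments phishing campaigns use, rather than a blanket block on
# links or attachments. Assumes the ExchangeOnlineManagement module is installed
# and the account has the Transport Rules role. Rule names, the extension list and
# the reason text are choices made for this example.
Connect-ExchangeOnline

# Extensions that are rarely legitimate in inbound mail and commonly carry
# ransomware droppers (constructed list; extend it for your environment).
$riskyExtensions = @('exe','scr','js','jse','vbs','vbe','wsf','hta','bat','cmd','ps1','iso','img','lnk')

# Rule 1: reject executable content from outside the organization. This predicate
# inspects the file content, so renaming evil.exe to invoice.pdf does not evade it.
New-TransportRule -Name 'Block executable attachments from outside' `
    -FromScope NotInOrganization `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText 'Executable attachments are not accepted; please use the file-share portal.' `
    -Mode Enforce

# Rule 2: quarantine risky extensions so an administrator can release a false
# positive instead of the message being lost.
New-TransportRule -Name 'Quarantine risky attachment extensions from outside' `
    -FromScope NotInOrganization `
    -AttachmentExtensionMatchesWords $riskyExtensions `
    -Quarantine $true `
    -Mode Enforce

# Rule 3: macro-enabled Office documents from outside. Start in audit mode to
# measure how many legitimate macro documents the business receives before
# switching the rule to Enforce.
New-TransportRule -Name 'Audit macro-enabled Office attachments from outside' `
    -FromScope NotInOrganization `
    -AttachmentExtensionMatchesWords @('docm','xlsm','pptm') `
    -Quarantine $true `
    -Mode Audit

# Review what was created.
Get-TransportRule | Where-Object Name -like '*from outside' | Format-Table Name, State, Mode
```

The audit-first pattern matters: a rule that quarantines every macro-enabled workbook on day one will generate help-desk calls from the finance team, and the usual reaction is to disable the rule altogether. Measure first, then enforce.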

Ransomware Often Evades Anti-Malware Tools

The nature of ransomware is such that it often evades anti-malware tools. Ransomware families are repackaged constantly, so new variants appear faster than signature-based anti-malware products can catalogue them. Because a fresh variant has no known signature, the tool does not classify it as dangerous and lets it run; behaviour-based detection narrows this gap but does not close it. To help address this issue, consider application "white-listing" (now more often called allow-listing or application control), which permits only pre-authorized applications to run on a computer. In this model the question is no longer "is this file known to be bad?" but "is this file known to be good?", so a never-before-seen ransomware binary is blocked simply because nobody approved it.

AppLocker and Controlled Folder Access are two forms of white-listing tool that Microsoft ships with Windows 10. AppLocker is available in the Enterprise and Education editions (and in Windows Server), while Controlled Folder Access is part of Microsoft Defender Antivirus in Windows 10 version 1709 and later. AppLocker is usually administered by IT staff through Group Policy. With this tool, you specify the applications authorized to run on a given device, typically by publisher signature, file hash, or path. If ransomware gets onto the device, by clicking a malicious link, for example, AppLocker should block it from running because it will not match any approved rule. Two caveats apply: the rules must not allow user-writable locations such as Downloads, %TEMP% or AppData, or malware dropped there will pass; and AppLocker should first be deployed in audit-only mode so that legitimate software is identified before enforcement begins.
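The following is an added example, not code from the original article or from Microsoft: it builds an AppLocker policy for executables equivalent to the console's default rules, applies it locally in audit-only mode, and asks AppLocker what it would decide for a legitimate binary and for a copy of that binary dropped into %TEMP%, which is where a phished payload typically lands. It assumes an elevated PowerShell session on Windows 10 or 11 Enterprise or Education; the rule names and the simulated payload path are choices made for this example.

```powershell
# Added example (not from the original article): build an AppLocker policy in
# audit-only mode, apply it locally, and test what it would decide for two
# executables. Assumes an elevated session on Windows 10/11 Enterprise/Education
# (or Windows Server). Rule names and the simulated payload path are choices
# made for this example.
Set-StrictMode -Version Latest

function New-AppLockerExeBaselinePolicy {
    # Returns policy XML equivalent to the AppLocker console's "default rules" for
    # the Exe collection: Everyone may run what lives under Program Files and
    # Windows, administrators may run anything. Everything else (Downloads, %TEMP%,
    # AppData) is implicitly denied, because AppLocker only allows what a rule permits.
    param([ValidateSet('AuditOnly','Enabled')][string]$Mode = 'AuditOnly')

    $rules = @(
        @{ Name = 'Everyone: Program Files'; Sid = 'S-1-1-0';      Path = '%PROGRAMFILES%\*' },
        @{ Name = 'Everyone: Windows';       Sid = 'S-1-1-0';      Path = '%WINDIR%\*' },
        @{ Name = 'Administrators: all';     Sid = 'S-1-5-32-544'; Path = '*' }
    )
    $ruleXml = foreach ($r in $rules) {
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="$($r.Name)" Description="" UserOrGroupSid="$($r.Sid)" Action="Allow">
      <Conditions><FilePathCondition Path="$($r.Path)" /></Conditions>
    </FilePathRule>
"@
    }
@"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="$Mode">
$($ruleXml -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@
}

$policyPath = Join-Path $env:TEMP 'applocker-baseline.xml'
New-AppLockerExeBaselinePolicy -Mode AuditOnly | Set-Content -Path $policyPath -Encoding UTF8

# The Application Identity service must be running for AppLocker to evaluate
# anything. Set-Service cannot change this protected service, so sc.exe is used.
sc.exe config appidsvc start= auto | Out-Null
Start-Service AppIDSvc

# Apply the policy to this machine (use Group Policy to deploy fleet-wide).
Set-AppLockerPolicy -XmlPolicy $policyPath

# Simulated phished payload (constructed test input): a copy of a legitimate
# binary dropped into %TEMP%. With path rules AppLocker judges location, not content.
$dropped = Join-Path $env:TEMP 'Invoice_2021.exe'
Copy-Item "$env:WINDIR\System32\notepad.exe" $dropped -Force

# Ask the policy what it would decide for a standard (non-admin) user.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path "$env:WINDIR\System32\notepad.exe", $dropped -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule

# While in audit mode, event 8003 records every executable that would have been
# blocked. Review these for a few weeks before changing the mode to Enabled.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

The copy in %TEMP% matches none of the three rules, so for a standard user Test-AppLockerPolicy should report it as Denied, while the original under %WINDIR% is Allowed by the Windows rule. The same evaluation applies to Script, MSI and packaged-app collections once rules are added for them; the Exe collection alone still leaves script-based droppers uncovered.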

Similarly, Controlled Folder Access blocks unapproved applications from making changes to data files in folders designated explicitly by a user or administrator, in addition to the standard profile folders such as Documents and Pictures that it protects by default. By doing so, Controlled Folder Access minimizes the risk that ransomware encrypts or deletes your data even if the ransomware itself manages to run. Note that it depends on Microsoft Defender Antivirus being the active antivirus product, and that legitimate programs which write to the protected folders (accounting software, backup agents) must be added to its allowed list. Of course, no method of preventing ransomware is fool-proof. However, using one or both of these techniques may reduce your chances of becoming another victim of a ransomware attack.
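As an added example, not from the original article, the script below rolls out Controlled Folder Access the way the paragraph above recommends: audit mode first, a business data folder and one trusted application added, the audit trail reviewed, then enforcement. It assumes an elevated session on Windows 10 version 1709 or later with Microsoft Defender Antivirus active; the folder path and the application path are placeholders chosen for this example.

```powershell
# Added example (not from the original article): enable Controlled Folder Access
# in audit mode, protect a data folder, allow one trusted application, review
# the audit events, then enforce. Assumes an elevated session on Windows 10 1709+
# with Microsoft Defender Antivirus as the active antivirus. The folder and
# application paths below are placeholders for this example.
Set-StrictMode -Version Latest

$protectedFolder = 'D:\Finance'                                  # hypothetical data folder
$trustedApp      = 'C:\Program Files\AcmeLedger\AcmeLedger.exe'  # hypothetical line-of-business app

# 1. Controlled Folder Access only works while Defender real-time protection is on.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    throw 'Microsoft Defender real-time protection is off; Controlled Folder Access will not be enforced.'
}

# 2. Start in audit mode: legitimate apps that write to the folder get logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp

# 3. After running in audit mode for a while, list the applications that would
#    have been blocked. Event 1124 = audited (would block); 1123 = blocked.
$log = 'Microsoft-Windows-Windows Defender/Operational'
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1123, 1124 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Action = if ($_.Id -eq 1124) { 'Audited' } else { 'Blocked' }
            Detail = ($_.Message -split "`n")[0]
        }
    } | Format-Table -AutoSize

# 4. Review the configuration before enforcing.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications

# 5. Enforce. Unlisted programs can no longer create, modify or delete files in
#    the protected folders; Documents, Pictures, Desktop etc. are covered by default.
Set-MpPreference -EnableControlledFolderAccess Enabled
```

Every application that shows up as Audited in step 3 and is genuinely needed should be added with Add-MpPreference before step 5; anything else that appears there is exactly the kind of write that enforcement will stop.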

Prepare for the Eventuality that You May Become a Victim

Despite our best efforts, it is altogether possible that you or your organization may become a victim of ransomware. If you do, the malware will encrypt your data and hold it hostage until you pay the ransom. The best way to recover is by restoring your data from a recent backup. As identified above, this is the strategy Colonial reportedly used to recover its data, even though the company paid the ransom and received a decryption tool.

Of course, restoring from a backup is only an option if you have a backup strategy that is appropriate and all-encompassing. To that end, ensure that your backups capture all necessary data files, and test restores regularly: a backup that has never been restored is an assumption, not a recovery plan. Further, your backups should have an "air gap." In this context, an air gap means keeping at least one backup copy offline, disconnected from the network, or in storage the attacker cannot alter, such as write-once media or immutable cloud storage. This step is necessary because ransomware operators routinely look for backups before they encrypt anything: a backup on a mapped network drive, an always-connected USB disk, or a share reachable with the same credentials the attackers hold will simply be encrypted or deleted along with the production data. A common rule of thumb is 3-2-1: three copies of the data, on two different kinds of media, with one copy offline or off-site.
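As an added example that is not part of the original article, the script below shows the "test your restores" half of that advice: it writes a SHA-256 manifest for a backup set, which travels with the offline media, and verifies any copy against it so that missing, corrupted or encrypted files show up during a drill rather than during an incident. The demo data, the simulated attack and all paths are constructed for this example.

```powershell
# Added example (not from the original article): build a SHA-256 manifest of a
# backup set and verify a copy against it. Keep the manifest with the offline
# media so that a restore drill proves the copy is complete and intact. All
# paths and demo data below are constructed for this example.
Set-StrictMode -Version Latest

function New-BackupManifest {
    # Hash every file under $Source and write a CSV manifest. Relative paths are
    # stored so the manifest can be checked against a copy on any drive or mount.
    param([Parameter(Mandatory)][string]$Source, [Parameter(Mandatory)][string]$ManifestPath)
    $root = (Resolve-Path $Source).Path.TrimEnd('\')
    Get-ChildItem -Path $root -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($root.Length + 1)
            Length       = $_.Length
            Sha256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -Path $ManifestPath -NoTypeInformation
}

function Test-BackupAgainstManifest {
    # Compares a copy with the manifest and emits one object per problem found.
    # No output means every listed file is present and byte-for-byte intact.
    param([Parameter(Mandatory)][string]$Copy, [Parameter(Mandatory)][string]$ManifestPath)
    $root = (Resolve-Path $Copy).Path.TrimEnd('\')
    foreach ($entry in Import-Csv $ManifestPath) {
        $file = Join-Path $root $entry.RelativePath
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            [pscustomobject]@{ RelativePath = $entry.RelativePath; Problem = 'Missing' }
            continue
        }
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        if ($hash -ne $entry.Sha256) {
            [pscustomobject]@{ RelativePath = $entry.RelativePath; Problem = 'Hash mismatch (modified or encrypted)' }
        }
    }
}

# Demo data (constructed): a "live" folder, an offline copy of it, then a simulated
# ransomware run that overwrites one live file and deletes another.
$work = Join-Path $env:TEMP 'backup-demo'
Remove-Item $work -Recurse -Force -ErrorAction SilentlyContinue
$live = (New-Item -ItemType Directory -Path (Join-Path $work 'live') -Force).FullName
'GL 2021 Q1' | Set-Content (Join-Path $live 'ledger.csv')
New-Item -ItemType Directory -Path (Join-Path $live 'payroll') -Force | Out-Null
'employee,amount' | Set-Content (Join-Path $live 'payroll\march.csv')

$manifest = Join-Path $work 'manifest.csv'
New-BackupManifest -Source $live -ManifestPath $manifest
$offline = Join-Path $work 'offline-copy'
Copy-Item $live $offline -Recurse          # stand-in for copying to removable media

# Simulated attack on the live data: one file overwritten with noise, one deleted.
$noise = [byte[]](1..64 | ForEach-Object { Get-Random -Maximum 256 })
[IO.File]::WriteAllBytes((Join-Path $live 'ledger.csv'), $noise)
Remove-Item (Join-Path $live 'payroll\march.csv')

'Live data vs manifest:'
Test-BackupAgainstManifest -Copy $live -ManifestPath $manifest | Format-Table -AutoSize
'Offline copy vs manifest:'
Test-BackupAgainstManifest -Copy $offline -ManifestPath $manifest | Format-Table -AutoSize
```

The live folder reports one mismatch and one missing file; the offline copy reports nothing, which is the result a restore drill should produce. The manifest is only trustworthy if it is stored with the offline copy or somewhere the attacker cannot reach; a manifest left on the file server is as exposed as the data it describes.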

Summary

Ransomware, unfortunately, remains a real and persistent threat. If you fall victim to ransomware, you have three options: 1) recover your data from a backup, 2) pay the ransom and hope the decryption tool works, or 3) lose your data forever. To effectively mitigate ransomware risk, do not click links or open attachments in suspicious emails, and enforce multi-factor authentication so that a stolen password alone does not open the door. Further, do not get lulled into a false sense of security that your anti-malware tools will prevent such an attack. Additionally, take advantage of tools such as AppLocker and Controlled Folder Access, both of which can mitigate the risk associated with ransomware. Finally, despite all your best efforts, assume you will become yet another victim of ransomware and, given this assumption, ensure that your backup strategy, with offline copies and tested restores, will allow you to recover your data files. It's your data, and it's your decision. Choose wisely, because the future of your business may hinge on that decision.
Concerned about cybersecurity? Consider one of the cybersecurity learning options available from K2 Enterprises.

Tommy Stephens

Tommy is one of the shareholders in K2 Enterprises, affiliating with the Firm in 2003 and joining as a shareholder in 2017. At K2, Tommy focuses on creating and delivering content and is responsible for many of the Firm's management and marketing functions. Tommy resides in the metro Atlanta area. You may reach him at tommy@k2e.com.

K2E Canada Inc.  |  484 Scarlett Crescent  |  Burlington, ON L7L 5M2  |  (905) 633-9772
© 2023 K2E Canada Inc. ALL RIGHTS RESERVED.