In May 2021, one of the U.S.’s largest fuel pipelines, Colonial Pipeline, was forced to shut down due to a cyberattack. The attack involved ransomware.
Ransomware is a type of malicious software cyber actors use to deny access or availability to systems or data. The cyber actor holds systems or data hostage until the ransom is paid.
Following the attack, Colonial Pipeline CEO Joseph Blount made the decision to pay the hackers the $4.4 million ransom in an attempt to quickly restore service after the attack threatened the entire East Coast supply.
Was this the right thing to do? Colonial Pipeline is a big operation. The pipeline delivers nearly half the diesel and gasoline consumed on the East Coast of the U.S. In addition, the company provides jet fuel to major airports, many of which hold limited supplies on site.
It is increasingly common for firms to pay ransomware demands. A recent report looking at the U.S. found that many are paying attackers’ ransoms. This is occurring even though the consensus is that companies should never comply with attacker demands.
Paying also goes against U.S. government advice: bodies like the FBI have reiterated that under no circumstances should individuals or businesses pay to regain access to information.
According to new analysis from Ric Longenecker, CISO at Open Systems, provided to Digital Journal, this is not good news as it gives cybercriminals more scope.
Longenecker opines: “Colonial Pipeline resorted to paying millions of dollars in ransom in an attempt to keep critical infrastructure afloat. In the short period of time since, there have been several other highly impactful events such as the Irish health system cyberattack.”
It is also important to note that, in the future, “it may not be legal to pay ransom, which will reduce organizations’ avenues for quick recovery of data”, according to Longenecker.
This means that boosting security now is the priority. Longenecker advises: “The bottom line is that most traditional in-house security programs don’t adequately address today’s risks.”
This means “it’s crucial for companies to enhance their security postures so they can continue focusing on what they’re good at while leaving cybersecurity to the experts. That is why many organizations today are relying on managed service providers (MSPs) that deliver dedicated analysts, operational AI and machine learning technology, effective detection and response, and the ability for teams to establish recovery plans so they’re ready to contain threats quickly in worst case scenarios.”
