The Price of Falling Victim to Ransomware: Colonial Pipeline Forced to Pay $5 million ransom – could you be next?
May 17, 2021
By now, most of you have felt the impact of the recent ransomware attack on Colonial Pipeline, which caused skyrocketing gas prices and even left some gas stations with shortages. Colonial Pipeline paid a pretty penny to resume operations, forfeiting $5 million to a well-known hacker group called DarkSide. This is yet another example of a high-profile cyberattack.
Companies of all sizes are at risk of falling victim to cybercriminals. In late April of this year, Apple disclosed that a third-party service provider had been attacked and that cybercriminals were demanding $50 million in return for controls. The hackers behind the Colonial Pipeline attack have already attacked 3 additional companies after collecting on the Colonial Pipeline ransom. The 3 companies were smaller in size and spread across the world – 1 in the United States, 1 in Brazil, and 1 in Scotland.
While Colonial Pipeline and Apple both experienced ransom attacks (cybercriminals deploy malicious software that encrypts files on a computer system and then demand a ransom to restore the data), the two cases show completely different types of exposure that cybercriminals are now leveraging to ensure their payout:
- Critical Infrastructure – Colonial Pipeline carries nearly half of the fuel supply on the East Coast, so holding such a critical company at ransom until it can resume operations is a ruthless approach to ensuring a ransom will be paid. Cybercriminals are now turning their attention to critical infrastructure as prime targets.
- Third-Party Targeting – Apple was not held at ransom within its own network, but at a third-party supplier of proprietary parts. Due to weaknesses within the third-party supplier’s network, hackers used the vulnerability to their advantage. Knowing the third-party provider would not have the capital to pay, combined with the proprietary data at stake, hackers knew Apple would forfeit the ransom.
It is imperative that companies of all sizes assess their networks for weaknesses. A cybercriminal does not care if your business cannot survive after paying a ransom. They are looking for a quick payout. Many companies rely on third-party IT security professionals to help fill skills gaps and mitigate risks. There is no better time to ensure your company, big or small, has the right measures in place to keep your capital safe and secure.
How we can help
WVCT is here to help you assess your IT risks and support your overall security plan. To schedule a meeting today, connect with our Risk Services Practice Leader below.
Connect With Us.
Tiffany Pollard, CISA
wvco.com | 419.891.1040
Mar 23, 2020
In just a short amount of time, COVID-19 has had an immense impact on the global economy, as well as on business operations around the world. How companies stay resilient and adapt in the face of COVID-19’s impact will be a topic of discussion for many business leaders as new information continues to surface. Along with COVID-19’s impact, the changes business leaders implement to respond to the ongoing crisis may introduce unintentional security and privacy risks.
Our daily routines are being impacted, along with the activities we perform. This creates opportunities for hackers, and others with malicious intent who thrive in this type of environment, to take advantage of uncertainties and changes to routines. What has not changed, however, is an organization’s responsibility to protect data and to secure systems to reduce the risk of a breach or unauthorized access to information. The regulatory requirements, and other state and industry standards for protecting information, are as critical as the day they were implemented, if not more so. GDPR, CCPA, NYDFS, PCI DSS, CFIUS, HIPAA, HITRUST, SOX, and so on still need to be adhered to.
The risk to an organization could increase if the processes implemented to help secure systems, protect data and information, and maintain daily operations are not followed. Personnel who have the assigned roles and responsibilities for managing systems and the corresponding data environment need continued support and assistance to meet their job assignments.
To add to the complexity of daily operations, organizations have been forced to consider remote work options and telecommuting to slow the spread of the virus. There are certain technical considerations for remote workers, the first being the devices that they will use to conduct business. For organizations that provide laptops, this is generally a non-issue; however, if your workforce is typically in the office, working remotely can present some additional challenges from an equipment standpoint.
How will businesses secure remote access to company systems and data?
Businesses across the globe have been instituting remote work requirements to decrease the likelihood of spread and the impact on business operations. Due to the increase in remote workers, businesses should secure access to company systems and data to ensure secure transmission of personal information. The actions below can help secure remote access to the organization’s systems:
- Require secure connections to remotely access company systems. A VPN solution should be leveraged to ensure the transmission of data is secured over public networks. A common practice for many organizations is to use multi-factor authentication in conjunction with VPN to ensure authorized access.
- Ensure session timeouts for connections into company systems. Allowing remote connections to stay open indefinitely increases the window of availability for unauthorized access.
- Ensure workstation timeouts for remote workstations. With the increase in remote workers and remote workstations, businesses will be unable to physically secure these areas. By implementing workstation timeouts, businesses can reduce the opportunity for unauthorized access if a remote workstation is left unattended.
- Require email using the organization’s distributed solutions. Organizations are heavily dependent on email communications, and in most instances corporate email is available remotely. Employees should be reminded not to conduct corporate business over personal email accounts, text messages, or third-party apps that are not managed by the organization. This is a great opportunity to pick up the phone and speak with people in lieu of other typical communication channels.
How will businesses secure mobile assets?
Businesses should consider how mobile workstations will be secured. With remote working, the increased number of mobile workstations provided to employees will need to be secured. Data at rest should be encrypted; hard drives on workstations are commonly encrypted to ensure confidentiality of data. That is just a start.
We are all adjusting to the changes brought on by COVID-19. By supporting and reinforcing the processes, procedures and solutions your organization implemented to protect its data, the risk can be better managed.
If you are concerned about the vulnerability of your organization, contact our Risk Services Leader, Tiffany Pollard (firstname.lastname@example.org) to help guide you through ensuring your systems are safe and secure.