Ransomware attack disrupts major American fuel pipeline operator - $4.4 Million USD Payout

A ransomware attack against Colonial Pipeline - a major fuel pipeline operator responsible for nearly half of the USA's east coast fuel supply - has resulted in a shutdown of the entire network.

The ramifications included not only gas shortages for many eastern US states, but also corresponding price hikes that raised the national average to over $3 a gallon for the first time in 6 years.

The initial shutdown of Colonial Pipeline networks began on May 7, and it wasn't until May 13 that Colonial Pipeline stated a return to normal operations.

The incident constitutes one of the most disruptive attacks against American infrastructure on record. President Joe Biden was briefed on the events that took place, and government bodies offered assistance in the restoration of the network.

While the impacts on the service and the wider economy were devastating in and of themselves, the cherry on top was a ransomware payout of $4.4 million USD.

The average ransomware payout is reportedly just over $300,000 USD, and while conventional advice, including our own, is to avoid paying a ransom at all costs, the stakes for Colonial Pipeline as a major pipeline operator were simply far too high.

The payment was made entirely in Bitcoin, likely on account of the cryptocurrency's capacity for anonymous transactions.

Joseph Blount, the CEO of Colonial Pipeline, has chalked the payment up as a necessity, stating that "It was the right thing to do for the country."

Following investigations, the FBI has confirmed that the ransomware group "DarkSide" is responsible for deploying the attack.

DarkSide is a group that offers Ransomware-as-a-Service, meaning that they can be paid to deploy ransomware attacks against target organisations.

DarkSide claims to have a philanthropic approach to its cybercrime, targeting 'Big Game' victims and donating a portion of the proceeds to charity. In this case, the ramifications of the attack had a knock-on effect on the entire economy, calling into question whether their 'Robin Hood' antics are truly charitable at all.

DarkSide representatives have issued an apology for the knock-on effects of their attack against Colonial Pipeline, claiming that they will choose their future targets more carefully.

Few of us are responsible for operations on the scale of Colonial Pipeline. However, there are a number of key learnings we can take from their recent struggles:

  • Back up your data: Depending on the extent of a ransomware attack, backups can potentially restore your data and systems, enabling you to focus on securing your systems instead of paying out a hacker. Back up your systems and data regularly so you have some wiggle room in the event of an attack.
  • Train your organisation: Human error is repeatedly the leading cause of successful cybercrime. While Colonial Pipeline has not disclosed how the ransomware attack occurred, it's entirely possible that a simple misclick or phishing email created a point of entry for the attackers. Deploy regular awareness training at all levels of your organisation to reduce your human risk as much as possible.
  • Treat payment as a last resort: The problem with paying an attacker is that there's no guarantee they'll restore your access or delete the data they've stolen. Work with security professionals to determine the best course of action, and only make a payment if it's impossible to recover through other means.

Not sure about the next steps to take for your cybersecurity? Visit cyberaware.com for key safety tips and takeaways.