Following a ransomware cyber-attack on Friday which forced Colonial Pipeline to shut down the main part of its network, US citizens have been urged not to panic buy and hoard petrol.
Colonial Pipeline, which operates a network of over 5,500 miles (8,900km), has taken itself offline and does not expect normal operations to resume for days.
The effects of the cyberattack by suspected criminal group DarkSide are far-reaching and, according to a ‘spokesperson’, have exceeded their own intentions. In a statement, the group said that its only intention was to make money, not to have an impact on society.
Although it has yet to be confirmed, many cyber security experts are pointing the finger at Russia as being the location of the group, with evidence suggesting that the malware avoids encrypting computer systems where the language is set as Russian.
The gang has allegedly demanded millions of dollars in return for almost 100 gigabytes of Colonial Pipeline data that it claims to have acquired from the company.
The cyber-attack has had a serious economic and societal impact in the US. Pump prices have risen, with the American Automobile Authority claiming that fuel prices were rising to their highest level since 2014, whilst shares in US energy firms rose 1.5% on Wall Street. The US Government has had to relax fuel transportation rules to try and maintain supply across the States.
Unfortunately, ransomware attacks such as the one suffered by Colonial are becoming increasingly common. It was estimated that there were over 184 million ransomware attacks in 2019 alone, with the average demand being $500.
Research has shown that 51% of US organisations have opted to pay a ransom after being hit with a successful cyberattack. It’s a very lucrative business.
Jeremy Fleming, director of GCHQ, the UK’s intelligence and cyber agency, speaking at the Vincent Briscoe Annual Security Lecture earlier this year, stated: “We’ve seen ransomware become a serious threat, both in terms of scale and severity. Increasingly, it targets crucial providers of public services, as well as businesses, as criminals play on our dependence on tech, resulting in serious disruptions, causing huge losses and significant threats to our supply chains.”
With identification and prosecution rates so low, and the rewards potentially huge, cyber attacks are a relatively risk-free activity for criminal gangs. As the new ‘Q’ famously stated to James Bond on meeting him for the first time in Skyfall, “I wager I can do more damage on my laptop, sitting in my pyjamas, before my first cup of Earl Grey than you can do in a year in the field.”
So can anything be done to combat the risks of being held to ransom?
The answer is yes, and quite easily. Attacks can strike even the best-prepared, making it essential to mitigate the effects of a successful breach. However, the best line of defence is at the storage layer, where the data is written.
vXtream offers a solution which includes S3 Object Lock, a feature that protects data at the storage system level. With Object Lock, data cannot be deleted or changed for a set period. Because it cannot be changed, ransomware cannot encrypt it. Data is protected and ransomware is kept out.
Other defence strategies include redefining login credentials: do not use the defaults! Add two-factor authentication where possible. And critically, you must have robust patching and update policies in place to ensure the latest versions are applied upon release.
However, one thing you must avoid is the do-nothing approach. Ransomware attacks ranked number 5 in the top 10 list of most-likely global risks according to the World Economic Forum Global Risks Report in 2019 and the likelihood is that this ranking will rise in 2020/21.
If you are concerned, please do not hesitate to contact us for a confidential discussion.