On Friday, May 7th, Colonial Pipeline announced that ransomware, one of the most common forms of cyber-attack, had affected their systems. The attack halted all activity on the pipeline, through which Colonial supplies the East Coast with 45% of its liquid fuel. As a security precaution, they immediately took critical systems offline to keep the ransomware from spreading and causing further issues. The attack has been traced back to a well-known ransomware group named Darkside and has led the US to declare a State of Emergency for 17 states across the East Coast.
Ransomware is a Problem
This incident comes at a time when ransomware attacks are hitting all-time highs. Over the last year, the number of ransomware attacks grew 150%, according to the Ransomware Uncovered 2020/2021 report by Group-IB, a global threat hunting and cyber intelligence company. The spike in ransomware cases has prompted a swift reaction from the Department of Justice, which proposed a plan and a task force to target and disrupt the financial operations of the ransomware gangs.
FBI confirms the Darkside ransomware
The FBI confirmed that the Darkside group was behind the attack on the Colonial Pipeline company. This group presents itself as taking a Robin Hood-like approach, where they only want to steal from the rich. However, unlike the famed thief, they aren't really helping anyone else. Darkside also uses sophisticated manipulation tactics, under the guise of a professional communication approach, to try to gain the trust of their victims. It almost seems like they are an actual company working with a client to make a deal. However, at the end of the day, they are still just criminals looking to steal. They are the latest example of the rising trend of ransomware-as-a-service, which has seen an increase in revenue.
Targets on Critical Infrastructure
This attack confirms what the Cybersecurity and Infrastructure Security Agency (CISA) warned us about when they said that critical infrastructure, such as pipelines, will be targeted. That warning originally stemmed from another ransomware attack on an unnamed natural gas compression facility. Unfortunately, the US economy is very dependent on the energy-pipeline infrastructure, making it a prime target. The issues seen across different systems and networks are a lack of segmentation and no ability to isolate critical systems from the rest of the network. Hopefully, this incident will shine a light on the risks facing our infrastructure and bring about an overhaul of cybersecurity for these systems.