Three Major Questions Answered About the Colonial Pipeline Ransomware Cyberattack

This past weekend, a colossal cybersecurity attack on Colonial Pipeline Co., a major US pipeline spanning 5,500 miles long and transporting 45% of all jet fuel and gasoline consumed on the East Coast, sparked global outcry.  In fact, the attack is the most significant cyberattack on US critical infrastructure to date. 

FBI have confirmed that Eastern European online hacking group, DarkSide, is responsible for this compromise, plus three more attacks on three other companies that occurred this week. 

As we’ve now seen, cyberattacks aren’t just growing in frequency, but in scale as well—no person, company or organization is exempt.  That’s why it’s incredibly important to eliminate as many vulnerabilities to ourselves and our businesses as possible. 

Given the severity of this attack, there are plenty of questions as to how this impacts us personally and what we should be doing to safeguard ourselves—we’re here to share those answers with you.    

 

Q: What happens when you’re hit with ransomware?

What is ?

Ransomware is a form of malware that encrypts your files.  In short, the cybercriminal demands ransom in exchange for restored access to your own data.  Usually, there are varied instructions on how to pay the fee and regain access.  The costs can range anywhere from a few hundred dollars to thousands, or as we’ve seen here, millions. 

 

How does it work?

Email phishing is the most common point of entry.  In this scenario, you’ll receive email spam from the attacker masquerading people you trust such like leadership, law enforcement agencies, or other trusted organizations.  In the email, you’ll find malicious links or attachments disguised as trusted information and asking you to download.

The median small business received 94% of its detected malware by email, according to the 2021 Data Breach Investigations Report by Verizon.

Once you’ve clicked or downloaded the file, they can take over the computer and encrypt your files.  By the end, the files cannot be regained without a mathematical key only obtained by the attacker in exchange for Bitcoin payment—effectively holding some or all of your data hostage. 

 

Q: How can I prevent an attack on myself or my business?

The average downtime due to an attack is 21 days and on average it takes a business 287 days to fully recover from an attack, according to the US Chamber of Commerce.

 

If that statistic seems alarming, it should.  Cyberattacks on small businesses, especially, are on the rise in 2021—every organization is at risk. But beyond that:

• 43% of cyberattacks target small businesses
• Small businesses spend an average of $955,429 to restore normal business in the wake of successful attacks.
• Human error and system failure account for 52% of data security breaches. 

 

The best form of defense is to arm yourself and your employees with good security hygiene and practices.

 

To protect your organization’s data and assets, businesses should:

1. Develop and implement robust security policies.
2. Train your employees on safe cybersecurity practices. Have your managed service provider, or your IT department show employees how to identify email phishing, malicious links, and what actions to take once they have. 

 

Employees should:

1. Update. Keep all software, operating systems and applications up to date.  Doing this reduces the likelikhood of an attack.
2. Use strong passwords.  Always use long, complicated, and unique passwords.  Change them regularly and keep your personal passwords separate from work passwords.  This reduces the risk of a credential stuffing attack.
3. Use 2-Factor Authentication.  Add two-factor authentication to your accounts wherever possible.  Ask us how to implement onto your email systems.
4. Never open any links, attachments, or download any files from unknown senders.  Instead, go directly to the source to verify the validity of the message.  Never input your username or a password unless you’re 100% sure of the requester’s legitimacy.
5. Safely manage your inbox.  Only keep emails in your inbox as needed.  Delete any unnecessary emails that may contain sensitive information.

 

Q: How can I test how strong my security is today?

• Start by testing your own email phishing IQ and that of your team’s. Human error is the leading cause of cyberattacks so are defense tactics must lead with employee training.  Luckily, SonicWall has a great, online phishing IQ test that only takes about 10 minutes and will reveal your true ability to identify a phishing email. 
• See if you’ve been breached before. haveibeenpwned.com is another helpful tool to that allows you to search across multiple data breaches to see if your email address or phone number have ever been compromised.
• Analyze your passwords. If you haven’t already, invest in an online password manager like LastPass.

 

Continue to follow us as we uncover the latest developments in data protection, enterprise email security, and boosting productivity.

You can also find us on LinkedIn at Concept Technology Inc., Facebook at @concepttechnologyinc, and check in for Nashville’s latest happenings on Twitter at @ConceptTechInc.