{"id":7905,"date":"2021-05-24T19:10:32","date_gmt":"2021-05-24T19:10:32","guid":{"rendered":"https:\/\/stash.global\/?p=7905"},"modified":"2021-12-30T13:43:18","modified_gmt":"2021-12-30T13:43:18","slug":"what-lessons-can-we-all-take-from-the-colonial-pipeline-ransomware-attack","status":"publish","type":"post","link":"https:\/\/stash.global\/what-lessons-can-we-all-take-from-the-colonial-pipeline-ransomware-attack\/","title":{"rendered":"What Lessons Can We All Take From the Colonial Pipeline Ransomware Attack?"},"content":{"rendered":"

What is Ransomware?

Ransomware is a type of cyber attack that uses malware to access and tamper with data files. The attackers are able to view, download, encrypt, and delete any files on the infected computer, and will threaten to release or block access to that data unless their ransom is paid.

Malware typically comes in the form of trojan files, which the user is tricked into opening because they appear legitimate. Sometimes the malware has been able to transfer itself freely between computers without the need for a download, but that requires the attackers to gain access to a program already downloaded on the device.

On a network accessed by multiple users, it only takes one user to accidentally download malware.

The most dangerous of these attacks will completely block the victims out of critical systems and force a full shutdown to prevent further spread.

If the victims are unprepared, their only options will be to ignore the attackers or pay the ransom. In 65% of cases, many files are never recovered – there is no guarantee that the problem will be solved.

That said, it is in the best interest of the attackers to hold up their end of the bargain, as doing so legitimizes future attacks.

Who is Doing it?

The scary thing is that anyone with a computer and the right information can create a malware attack.

The earliest known malware attack took the form of floppy disks sent in the mail and was traced back to its creator through his P.O. address.

The most damaging ones, of course, come from professionals. They can create sophisticated and targeted viruses that are largely untraceable, and accept their ransoms in untraceable bitcoin.

More often than not they are in it for the money, and will go after companies or institutions, such as universities, that have a lot of money and weak digital infrastructure.

People generally assume that all of the hackers are based in Russia or China. While some of the larger attacks can be traced back to these countries, it really doesn’t matter in the long run where the attacks originate. What matters is the damage they leave behind.

Who Is Being Targeted?

Hackers are after the money, right?

Well, not exactly. They’ll go after any device.

Not even your phone is safe.

The highest-profile attacks target large companies or a huge volume of personal computers, which means that even sitting in your home you could fall victim to an attack.

All it takes is one person on your network to download one bad file and the entire system could become encrypted.

Small businesses and schools are in danger as well because they generally have weaker infrastructure and security protocols, making them more vulnerable.

A single ransomware attack can stop business operations for weeks, and cost from hundreds of thousands to millions of dollars.

What Happened to Colonial Pipeline?

Colonial Pipeline is the largest refined products pipeline in the United States, providing fuel from Houston, Texas to New York Harbor.

On May 7th, Colonial Pipeline fell victim to a ransomware attack that effectively shut down their entire system and caused a gas shortage within the U.S. The FBI reported that the attack was carried out by an Eastern European group called DarkSide that specializes in digital extortion.

DarkSide has extracted $90 million from 47 victims since late October 2020. There are dozens of ‘DarkSides’ in existence, and more are born every day. RaaS (Ransomware as a Service) proliferates on the Dark Web, making it easier than ever for malware enthusiasts to participate in what is a golden age of ransomware carnage.

While the company initially reported that it would not pay the ransom, they ended up sending the hackers almost $5 million in untraceable cryptocurrency.

Besides the impressive ransom, the company’s backtracking is significant because it is unclear what forced them into it. They paid for an encryption key, which was reportedly slow in unlocking all of their data, but has since gotten them up and running.

It is assumed that they either did not possess the proper backups or that the time it would have taken to put them into use was more damaging and costly than paying the ransom.

Either way, if they could have done anything to avoid paying the ransom, Colonial Pipeline almost certainly would have.

Regardless, the attack had repercussions across the United States by causing a gas shortage. This is a trend that bears preparing for.

Recently, the organization behind the attack apologized for picking such a socially controversial target, and claimed that they will be more careful in the future.

Some Other Notable Attacks