{"id":7905,"date":"2021-05-24T19:10:32","date_gmt":"2021-05-24T19:10:32","guid":{"rendered":"https:\/\/stash.global\/?p=7905"},"modified":"2021-12-30T13:43:18","modified_gmt":"2021-12-30T13:43:18","slug":"what-lessons-can-we-all-take-from-the-colonial-pipeline-ransomware-attack","status":"publish","type":"post","link":"https:\/\/stash.global\/what-lessons-can-we-all-take-from-the-colonial-pipeline-ransomware-attack\/","title":{"rendered":"What Lessons Can We All Take From the Colonial Pipeline Ransomware Attack?"},"content":{"rendered":"
What is Ransomware? Malware typically comes in the form of trojan files which the user is tricked into opening because they appear legitimate. Sometimes the virus has been able to transfer itself freely between computers without the need for download, but that requires the attackers to gain access to a program already downloaded on the device.\u00a0<\/span><\/p>\n On a network accessed by multiple users, it only takes one to accidentally download a malware virus.\u00a0<\/span><\/p>\n The most dangerous of these attacks will completely block the victims out of critical systems and force a full shutdown to prevent further spread.\u00a0<\/span><\/p>\n If the victims are unprepared then their only options will be to ignore the attackers or pay the ransom. In 65% of cases, many files are never recovered \u2013 there is no guarantee that the problem will be solved.\u00a0<\/span><\/p>\n Though it is in the best interest of the attackers to hold up their end of the bargain as it legitimizes future attacks.\u00a0<\/span><\/p>\n <\/p>\n Who is Doing it?<\/strong><\/p>\n The scary thing is that anyone with a computer and the right information can create a malware attack.\u00a0<\/span><\/p>\n The earliest known Malware attack took the form of floppy disks sent in the mail and were traced back to their creator through his P.O. address.<\/span><\/a><\/p>\n The most damaging ones of course come from professionals. They can create sophisticated and targeted viruses that are largely untraceable, and accept their ransoms in untraceable bitcoin.\u00a0<\/span><\/p>\n More often than not they are in it for the money, and will go after companies or institutions that have a lot of money and weak digital infrastructures such as universities.\u00a0<\/span><\/p>\n People generally assume that all of the hackers are based in Russia or China. While some of the larger attacks can be traced back to these countries it really doesn\u2019t matter in the long run where the attacks originate. What matters is the damage they leave behind.<\/span><\/p>\n <\/p>\n Who Is Being Targeted?<\/strong><\/p>\n Hackers are after the money, right??<\/span>\u00a0<\/span><\/p>\n Well\u2013not exactly. They\u2019ll go after any device.\u00a0<\/span><\/p>\n Not even your phone is safe.\u00a0<\/span><\/p>\n The highest profile attacks target large companies or a huge volume of personal computers. Which means that even sitting in your home you could fall victim to an attack.\u00a0<\/span><\/p>\n All it takes is one person on your network to download one bad file and the entire system could become encrypted.\u00a0<\/span><\/p>\n Small businesses and schools are in danger as well because they generally have weaker infrastructure and security protocols, making them more vulnerable.\u00a0<\/span><\/p>\n A single ransomware attack can stop business operations for weeks<\/a>, and cost from hundreds of thousands to millions of dollars.\u00a0<\/span><\/p>\n <\/p>\n What happened to Colonial Pipeline?<\/strong><\/p>\n Colonial Pipeline is the largest refined products pipeline in the United States that provides fuel from Houston Texas to New York Harbor.\u00a0<\/span><\/p>\n On May 7th Colonial Pipeline fell victim to a ransomware attack that effectively shut down their entire system, and caused a gas shortage within the U.S. The FBI reported that the attack was enacted by an Eastern European group called DarkSide that specializes in digital extortion.\u00a0<\/span><\/p>\n Darkside has extracted $90 million from 47 victims since late October 2020. There are dozens of \u2018Darksides\u2019 in existence, and more born everyday. RaaS (Ransomware as a Service) proliferates on the Dark Web, making it easier than ever for Malware enthusiasts to participate in what is a golden age of ransomware carnage.<\/span><\/p>\n While the company initially reported that it would not pay the ransom they ended up sending hackers almost $5 million in untraceable cryptocurrency.\u00a0<\/span><\/p>\n Besides the impressive ransom, the company\u2019s backtracking is significant because it is unclear what forced them into it. They paid for an encryption key, which was reportedly slow in unlocking all of their data, but has since got them up and running.\u00a0<\/span><\/p>\n It is assumed that they either did not possess the proper backups or that the time it would have taken to put them into use was more damaging and costly than paying the ransom.\u00a0<\/span><\/p>\n Either way if they could have done anything to avoid paying the ransom Colonial Pipeline almost certainly would have.\u00a0<\/span><\/p>\n Regardless the attack had repercussions across the United States by causing a gas shortage. This is a trend that bears preparing for.<\/span><\/p>\n Recently the organization behind the attack apologized for picking such a socially controversial target, and claimed that they will be more careful in the future<\/a>.\u00a0<\/span><\/p>\n <\/p>\n Some Other Notable Attacks<\/strong><\/a><\/p>\n <\/p>\n What Happens If You Fall Victim to Ransomware?<\/strong><\/p>\n If you are targeted by a ransomware attack the first step will be an immediate action to shut down any systems that could make the problem worse.\u00a0<\/span><\/p>\n An unsophisticated attack can potentially be stopped by rebooting the system and downloading an anti-malware program, a tactic often deployed on home and personal devices. But that does not de-encrypt any files or retrieve stolen data.\u00a0<\/span><\/p>\n If the attackers access and threaten to leak private information, until now there has not been much you can do besides let them release it or pay their ransom\u2013 even if you do there is no guarantee the data will not be released.\u00a0<\/span><\/p>\n Likewise you can never be sure that they will actually give you the key to de-encrypt your files after you pay.\u00a0<\/span><\/p>\n The general consensus is that ransoms should not be paid because it will only encourage more of the attacks, but Colonial Pipeline has shown us that this is not always an option. Even after paying the ransom their shipping routes were still delayed.\u00a0<\/span><\/p>\n <\/p>\n What Can Be Done to Prevent Attacks<\/strong><\/p>\n There are security systems and software available that claim they can block ransomware attacks, the simplest of which you may already have downloaded on your home computer, and will protect you from any runofthemill malware.\u00a0<\/span><\/p>\n Windows and Apple also update their systems consistently making it harder for hackers to find and exploit weaknesses.\u00a0<\/span><\/p>\n Unfortunately, it only takes one attack to create havoc \u2013 and with 50 Billion connected devices and counting this is inevitable. Here are the best measures and protocols advisable today to mitigate the risk of Ransomware to the smallest degree:<\/span><\/p>\n <\/p>\n Many attacks are successful not because companies have done anything wrong, but because they aren\u2019t aware of what they can and should be doing to eradicate the potential damage resulting from these attacks.<\/span><\/p>\n WannaCry is a good example of a no-fault attack \u2013 this malware spread automatically and autonomously.<\/span><\/p>\n Outside of your own habits the best thing to do is pay for a service that provides extra protection, and possibly provides ransom insurance.\u00a0<\/span><\/p>\n STASH\u00ae provides their own data solutions utilizing encryption key management and backup protection<\/a>.<\/span><\/p>\n <\/p>\n Will Malware Ever Go Away?<\/strong><\/p>\n Short answer- no.\u00a0<\/span><\/p>\n New Ransomware strains are even more concerning.\u00a0<\/span><\/p>\n Babuk<\/span><\/a>\u00a0targets Linux and more specifically ESXi servers. ESXi is a popular virtualization platform offered by VMware. Virtualization platforms like ESXi have become a very lucrative target for many ransomware groups, like Defray\/RansomExx, Darkside, and Babuk.<\/span><\/p>\n Babuk is a relative newcomer in the wild west that is the current ransomware threat landscape. They first appeared at the beginning of 2021 and, like most ransomware gangs, initially focused exclusively on encrypting Windows systems. Over the past couple of months, however, they quickly evolved their platform to jump onto the growing trend of attacking Linux-based systems like ESXi as well.<\/span><\/p>\n Unfortunately, the velocity at which they evolved their platform came at the cost of quality. As a result, there are multiple fundamental design flaws within both the encrypting and decrypting<\/span>\u00a0parts of Babuk on ESXi, which can result in permanent data loss.\u00a0<\/span>As long as there are systems there will be a way to exploit them, and hackers are ruthless when it comes to figuring them out.\u00a0<\/span><\/p>\n The STASH\u00ae No Ransom Ransomware Protection & Recovery Solution was built to completely and seamlessly solve malware attacks like Colonial Pipeline. Simple to install, activate with the click of a button, recover data in real time without paying ransom. STASH\u00ae RPR mitigates the attack AND the attacker.\u00a0 Find out more\u00a0<\/span>here<\/a>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":" What is Ransomware? Ransomware is a type of cyber attack that uses malware to access and tamper with data files. The attackers are able to view, download, and encrypt any files on the infected computer as well as delete them, and will threaten to release or block access to said data unless their ransom is […]<\/p>\n","protected":false},"author":4,"featured_media":7907,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","footnotes":""},"categories":[1],"tags":[44],"_links":{"self":[{"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/posts\/7905"}],"collection":[{"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/comments?post=7905"}],"version-history":[{"count":0,"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/posts\/7905\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/media\/7907"}],"wp:attachment":[{"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/media?parent=7905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/categories?post=7905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stash.global\/wp-json\/wp\/v2\/tags?post=7905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/strong>
\n<\/span>Ransomware is a type of cyber attack that uses malware to access and tamper with data files. The attackers are able to view, download, and encrypt any files on the infected computer as well as delete them, and will threaten to release or block access to said data unless their ransom is paid.\u00a0<\/span><\/p>\n\n
\n