Infrastructure Ransomware Attacks Are Spiking. What Businesses Can Learn from the Colonial Pipeline Attack

A ransomware attack forced the Colonial Pipeline to halt systems for 5,500 miles of pipeline, cutting off crucial gas supplies on the East Coast.
By: | May 20, 2021
Topics: Cyber | Energy

Americans swarmed gas stations in early May after a cyber attack on a major fuel pipeline caused many to hoard gasoline despite government advisories not to.

People filled containers from storage bins to plastic bags with fuel after a 5,500-mile pipeline was shut down in the wake of a ransomware attack on company networks.

On May 7, hackers used ransomware to target company drives for Colonial Pipeline, the privately held company that operates the pipeline, leading to a complete shutdown as company officials feared that attackers might have obtained information in the data breach that would enable them to attack vulnerable parts of the pipeline, the New York Times reports.

Though the pipeline was back up and running by May 12, the attack spurred federal investigations and gas hoarding, and it raised questions about the ability of the energy sector to withstand attacks.

The Colonial Pipeline Attack by the Numbers

  • Cyber attackers used ransomware to breach the computer network of a company that operates a 5,500-mile pipeline in Texas that carries gasoline, diesel and jet fuel from Texas up the East Coast to New York.
  • The attack caused the operator, Colonial Pipeline, to pay attackers a 75 bitcoin ransom — or almost $5 million — in an effort to restore service quickly, Wired reports.
  • The pipeline is responsible for providing the East Coast with 45% of its fuel supplies.
  • The attack caused gas prices in Georgia and a few other states to rise eight to ten cents per gallon.

In the Wake of the Attack the Threat of Ransomware Looms

The Colonial Pipeline attack demonstrates the growing risk of the ransomware-as-a-service business model, in which organized networks of hackers develop and sell malware to be used by cyber criminals who then try to extort payments from individuals and organizations.

In 2020, researchers noted a 62% increase in ransomware attacks globally, and a 158% spike in North America compared to 2019.

“[Businesses] should not ignore the need for cyber security,” said Regine Bonneau, Founder and CEO of the security compliance and cyber risk management solutions firm RB Advisory.

In response to the Colonial Pipeline attack, the Energy Department, the F.B.I. and the White House have been looking into the details, and a preliminary investigation confirmed that the hacker group DarkSide was behind the attack.

The group is a prime example of just how organized and business-like ransomware attacks have become. DarkSide extorted $90 million in bitcoin payments from 47 other victims over nine months before disbanding in early May, Forbes reports.

Though ransomware as a whole is becoming more widespread due to groups like these, some industries are especially vulnerable. Health care, public sector and energy companies are likely targets for attacks because cyber criminals believe they can force these businesses to pay ransoms using life-or-death threats.

Additionally, energy and public sector entities are at increased risk due to outdated infrastructure that can be vulnerable to breaches and the number of public-facing applications they possess. A 2020 report from Corvus found that governments have a 33% larger attack surface on average when compared to other organizations.

“Most of them operate on legacy equipment,” Bonneau said. “There’s no real investment right because the mindset is if it’s not broken, why fix it?”

Cyber Security Lessons Businesses Can Take Away from the Attack

As the threat of ransomware and other cyber attacks increases, businesses need to increase their cybersecurity measures, especially if they’re in a sector that is vulnerable to attacks.

Cyber security experts agree that one of the best ways to end ransomware attacks is to stop payments, and the Treasury Department’s Office of Foreign Assets Control (OFAC) has issued an advisory stating that businesses that pay ransomware demands could face penalties.

Still, the decision of whether or not to pay a ransomware demand isn’t so simple.

Businesses could feel pressured to pay a ransomware demand in order to resume operations, especially if people’s lives or health could be at risk due to a loss of services. The number of businesses that paid a ransom after an attack increased from 26% in 2020 to 32% in 2021.

“We’re all about containment,” Bonneau said. “How quickly can we contain this before it actually goes all over … and cripples the network.”

Insurance companies have also come under fire for encouraging payments, because the cost of prolonged recovery from attacks can exceed coverage limits on cyber security policies, which can spur victims to give in to ransomware demands in order to limit their losses.

To help prevent attacks, businesses need to make cyber security a top priority, Bonneau said. Working with a cyber security expert to conduct a risk assessment, holding consistent training for employees and conducting quarterly testing of internal and external networks can help make organizations less vulnerable to attacks.

Courtney DuChene is a freelance journalist based in Philadelphia.