#ransomware #colonialpipeline #malware #darkside
Cyber criminals using ransomware have been around for a long time; however, in the last 5 years or so they have shifted their targets from private citizens to larger, more lucrative victims. In the last few years, attackers have focused on the bigger medical institutions, and in May 2021 they sent their malware into Colonial Pipeline, a privately owned U.S. company. The results? Colonial Pipeline, which supplies 45% of the fuel to the U.S. East Coast, shut down for days, causing a multi-state panic, gas shortages and gas hoarding, and costing the company $4.4 million to get rid of the virus. The question is: will businesses around the world finally sit up and take notice?
Who Did It?
The perpetrators of the takedown are a Russian network group called “Dark Side.” This attack comes as no surprise to cybersecurity experts, who have been warning energy companies around the globe of their vulnerability. The method used to install the ransomware still hasn’t been confirmed, but it’s believed that they probably used the same old tried-and-true approach: an infected attachment sent to an employee’s email. Once opened, the malware quickly takes over the staff member’s computer, encrypts the major files so that no one can access them, and then seeks out other machines on the network to do the same. The decryption key is offered in exchange for payment, hence the files are “ransomed.”
Companies Ignore the Warnings
It appears that the warnings given to Colonial Pipeline in 2018 regarding their badly designed and poorly supported information security practices went unheeded. An outside audit of the organization found that their IT setup was “a patchwork of poorly connected and secured systems … an eighth-grader could have hacked into the system.” However, Colonial Pipeline is not the only one to blame for bad security. In 2019 a European cybersecurity research group found that 26,000 U.S. industrial control systems, including those at energy companies, chemical companies, and dams, had poorly maintained internet configurations that left them vulnerable to a cyber attack. The U.S. companies are just a small sample of how cybersecurity is ignored as a priority around the world. Although it appears that this group of criminals was not “state-backed,” there are other incidents that were, such as the attack on a Saudi petrochemical facility that the Saudi government attributed to Iran, and the Mexican state energy company that was hit by ransomware.
What Companies Can Do
Businesses need to recognise that these kinds of attacks are not only easy to accomplish but also rely on a lack of education among employees. A first step to protect company assets is to have a cybersecurity specialist firm come in, review the IT and network infrastructure and its setup, make recommendations for changes, and institute high-level security firewalls. The second step is to establish a company-wide education program so that staff know what to look for and how to avoid falling prey to these criminals.
Originally published at https://davinciforensics.co.za.