What Happened With Ransomware & The Colonial Pipeline Breach That We Can Learn From?

One of the biggest cybersecurity stories in recent history is the ransomware attack on Colonial Pipeline. In fact, it is still impacting gas stations across the East and Southeast!

The pipeline spans from the Gulf Coast to the East Coast and transports about 2.5 million barrels of fuels and other refined petroleum products every day over a span of 5,500 miles. The Colonial Pipeline travels from Houston, Texas up through Linden, New Jersey.

On May 7, 2021, the company needed to temporarily shut down its pipeline operations due to a cyberattack. This had a far-reaching impact since the Colonial Pipeline supplies about 45% of the fuel supply used by the East Coast.

People began panic-buying and gas stations started running out of fuel. At least 12,000 gas stations across the East reported being empty and the shortage was felt across 11 states. Gas prices also began to rise above the $3 mark and there have been multiple reports of price gouging. 

All of this came from a single ransomware attack and lack of proper cybersecurity.

On May 12th, Colonial Pipeline announced that operations had resumed. It is reported that the company paid close to $5 million in bitcoin ransom to the attackers to regain control of its systems.

The FBI has confirmed that the hacking group that perpetrated the attack is DarkSide, a criminal group suspected of being Russia-based and state-sponsored.

An interesting thing to note about DarkSide is that it runs a ransomware-as-a-service operation. This means that it sells tools to help other bad actors carry out their own ransomware attacks. Unfortunately, this one-to-many model has been seen more often in the hacking world, where hackers will sell “kits” with the ability to conduct all kinds of attacks.

Troubling Ransomware Statistics

Ransomware attacks happen to companies of all sizes and can be costly. Regardless of what type of business you have, it is important to defend against these types of attacks.

Ransomware costs have been skyrocketing due to several factors:

  • Companies that pay the ransom (like Colonial Pipeline did) embolden the hackers. Now they see this as a good way to make a lot of money.
  • Hacking groups like DarkSide have made it easier for novices to conduct ransomware attacks through ransomware-as-a-service.
  • Ransomware is a type of malware attack that offers a direct payout to the attacker instead of the hacker needing to steal data and then resell it.

According to the Sophos State of Ransomware 2021 report, the average cost of remediating a ransomware attack has more than doubled in the last year.

Cost of remediating a ransomware attack: 

  • 2020: $761,106
  • 2021: $1.85 million

When you compare this to the average ransom demand being $170,404, you can see why companies end up paying a ransom to the attackers. It can cost 10 times more to undo the damage!

However, this just feeds into the cycle that causes more attacks and higher ransom demands. 

Tips to Bolster Your Ransomware Defenses

The costs of becoming a victim of ransomware are high. This is especially true if you are a small business that can’t absorb the remediation costs. Fighting ransomware includes using multiple strategies to keep your devices and data protected.

Use Multi-Factor Authentication

Cloud applications can also be infected with ransomware. This type of attack isn’t just limited to computers and servers. One of the best ways to prevent breaches of your cloud accounts is through the use of multi-factor authentication for all of your logins. 

Keep Your Network Continuously Monitored

You want to ensure that you have threat monitoring in place through managed IT support and systems like a firewall with advanced threat protection (ATP). ATP systems can identify threats and neutralize them without needing user interaction. This helps to stop ransomware and other malware before they can infect your system.

Use DNS Filtering

A majority of phishing attacks happen through malicious websites that trick users into clicking. DNS filtering can block a user from loading a page that would infect their system and your network with malware.

Deploy Email Filtering

Email filtering is another important phishing defense. It can keep phishing and spam out of user inboxes. This significantly reduces your risk of falling victim to an attack.

Secure & Monitor Endpoints

Mobile devices now make up about 60% of the endpoints in a company. However, companies are often not properly protected from data being accessed by employee mobile devices.

It is important to have an endpoint device management system in place that allows you to properly secure employee devices that are used for business. This includes automatically applying updates and security policies and ensuring that they have malware protection.

Back Up All Business Data 

If you’re hit with ransomware, you can drastically decrease the remediation costs if you have all your data (on-premises and cloud) properly backed up and easily recoverable.

It is important to use a backup and recovery system that is designed for fast recovery (not all are). This mitigates downtime costs, eliminates the need to pay a ransom and allows you to remediate the attack and return to normal operations quickly.

Is Your Business Properly Protected from Ransomware?

Sound Computers can help your Connecticut business ensure your IT security strategy has you properly protected against ransomware and other emerging threats.

Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.

June 15, 2021
Sound Computers Admin