On 7 May, the network of the American Colonial Pipeline Company (Colonial Pipeline), which operates the largest fuel pipeline in the US, was shut down by a cyber-attack for several days, causing fuel shortages, the highest fuel prices in years and the declaration of a state of emergency in four US states.
The US reported that a Russia-based hacker group was responsible for the attack, and a group of cybercriminals known as ‘DarkSide’ has since taken responsibility for it. The attack worked by gaining access and scrambling the data held on Colonial Pipeline’s network. President Joe Biden has released a statement that there was no evidence to indicate that the Russian government was behind the attack, despite the attack’s source. DarkSide has also stated that it was motivated by profit and not by any political aim.
Colonial Pipeline has now restarted its operations after reportedly paying a US$5 million ransom to the hackers to regain control of its systems. The US FBI and the Australian Cyber Security Centre (ACSC) maintain that victims of ransomware should not pay cybercriminals; however, in cases like the Colonial Pipeline attack, the impact of the attack and the cost and time associated with rebuilding systems from scratch may arguably be too high not to pay. As the pipeline has historically made over $400,000,000 a year, the sum would be equal to less than a week’s losses.
More recently, another Russia-based cybercriminal group called Nobelium targeted over 150 organisations. It has been suggested that these attacks were a continuation of the attacks by Nobelium on SolarWinds, which allowed the hackers to infiltrate US government department networks in 2020.
The Australian Signals Directorate (ASD) and the ACSC have also found an increase in the frequency of ransomware attacks on Australian organisations. The most targeted sectors include critical infrastructure sectors like health, state and territory governments, education and research, transport and retail.
Ransomware attacks are a risk that all organisations face, and it’s far better to minimise vulnerabilities than to face the consequences of an attack. It’s clear from attacks like these that large privately and publicly run critical infrastructure organisations are just as much at risk as others.
The ASD and ACSC have advised all the normal precautions like using multi-factor authentication, performing regular backups and turning on ransomware protection – but this isn’t always enough, so having a robust incident and data breach response plan in place is a must! Whether or not you should pay a hacker’s ransom is debatable and there may be a number of legal, policy and commercial considerations to contend with; however, in this case the hackers chose a sum that made it very easy for Colonial Pipeline to make that choice.