The Colonial Pipeline Ransomware Cyberattack Takeaways

The successful Colonial Pipeline ransomware cyberattack, which occurred on May 7, 2021, was the largest cyberattack on United States infrastructure in the past five years. The end result was the loss of a critical 5,500-mile fuel pipeline that supplies 45% of the East Coast's jet fuel, diesel, and gasoline. Colonial shut the pipeline down as a precautionary measure to limit the extent of the damage from the cyberattack.

“Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline,” the company stated.

“The FBI and the White House confirmed Monday that the DarkSide ransomware variant was used in the Friday attack that caused disruptions at Colonial Pipeline Co.” 1

In the wake of this disruption and expense, we now need to ask ourselves:

  1. What did we learn from this devastating cyberattack?
  2. What is our current level of risk?
  3. What proactive steps should we now take based upon Colonial’s experiences?

Department of Homeland Security (DHS) Secretary Alejandro Mayorkas noted at the U.S. Chamber of Commerce’s Now & Then Speaker series on Wednesday, May 5, 2021 that “The losses from ransomware are staggering and the pace at which those losses are being realized are equally staggering. … As a matter of fact, small businesses comprise approximately one-half to three-quarters of the victims of ransomware.” 2

Blockchain analytics firm Elliptic published a bitcoin wallet report showing that $90 million in bitcoin ransom payments were made to DarkSide or DarkSide affiliates over the last year, originating from 47 distinct wallets. According to a DarkTracer release listing 2,226 victim organizations since May 2019, 99 of those organizations were infected with the DarkSide malware. Taken together, these figures suggest that approximately 47% of DarkSide victims paid a ransom and that the average payment was $1.9 million. 3

WE ARE AT RISK. Businesses of all sizes need to create a comprehensive protection plan to respond to, contain, remediate, and quickly recover from a cyberattack of any scale, foreign or domestic. Such a strategy should include the following:

  1. increase efforts to educate users, who are often the first line of defense against ransomware and other cyberattack threats
  2. diligently review all hyperlinks on all networks, ensuring they are not malicious and cannot be used as a vector for further attempts to breach the network
  3. review and test backup and restore procedures periodically, ensuring a thorough defense strategy is in place to maintain enterprise functionality while enabling complete data restoration in a timely manner, so that as little data as possible is put at risk
  4. review and test infrastructure backup and restore procedures for cases where operating systems and the data of other supporting hardware systems may be compromised
  5. develop, test, and exercise Incident Response Plan(s), identifying and prioritizing risks and making sure the detection and reaction phases are robust and timely
  6. continue to diligently scan all environments, making sure that malware and ransomware are not present on any network, whether active or lying dormant

DarkSide is only one of many clandestine cybercriminal groups that think nothing of stealing your data and holding it hostage. Gartner reports that by 2025, 75 percent of IT organizations will face one or more attacks.

However, we are not alone in this fight. We can reach out to our known security group affiliations and work together to better protect our environments. In addition, we can be transparent with our user community, letting them know the urgency and importance of compliance and how they can help maintain a secure environment. With persistence and diligence, we can fight these cyber threats.

Unfortunately, Colonial paid the requested ransom (75 bitcoin, almost $5 million) within hours of the cyberattack.

CISO Consulting, Inc

611 High St #91
Dedham, MA 02027

Phone: 617-506-1244