What We Can Learn from the Colonial Pipeline Ransomware Outbreak

The closure of one of the US' largest pipelines due to ransomware on Friday, May 7, serves as the latest reminder of the real-world consequences of a successful cyberattack. When ransomware linked to the DarkSide ransomware-as-a-service (RaaS) threat group struck Colonial Pipeline’s networks, likely via a phishing email, the company was forced to halt operations and freeze IT systems after over 100GB of corporate data was stolen in just two hours.

If anything highlights the severity of the modern email risk that all businesses face and the need for adaptive supplementary email security defenses, this is it. As cyberthreats continue to evolve, this is highly unlikely to be the last time we witness the widespread disruption and devastation that a ransomware attack can cause.

A top Biden administration cybersecurity official warned the Senate hearing that cyberattacks on the nation's infrastructure are "growing more sophisticated, frequent and aggressive."

"Malicious cyber actors today are dedicating time and resources towards researching, stealing, and exploiting vulnerabilities, using more complex attacks to avoid detection and developing new techniques to target information and communication technology supply chains," acting Cybersecurity and Infrastructure Security Agency Director Brandon Wales told the Senate Homeland Committee, whose hearing was focused on a spate of recent incidents impacting the US.

"That threat of ransomware is certainly by no means new," Department of Homeland Security Secretary Alejandro Mayorkas said at a press briefing at the White House later Tuesday. "As a matter of fact, last week I spoke ... about the gravity of the threat. More than $350 million in losses are attributable to ransomware attacks this year. "

He said that was more than a 300% increase over the previous year.

"There's no company too small to suffer a ransomware attack," Mayorkas added. "We are seeing increasingly small- and medium-sized businesses suffer ransomware attacks."

Overview on Ransomware Attack?

Ransomware is a type of malware designed to block access to a computer system until a sum of money in the form of untraceable Bitcoin is paid. It does this by encrypting a victim’s files until they have made the payment demanded by the attacker.

Ransomware can be delivered via multiple vectors, the majority of which utilize email. In a double extortion scheme, the attackers pilfer the data and threaten to publish it.

On Wednesday, The Washington Post reported that Colonial wasn't planning on paying a ransom to the hackers. Instead, it was working with a cybersecurity firm to restore data from backup systems, the paper reported, citing people who were familiar with the situation.

Learn why ransomware is a threat to your business and measures you can take now to safeguard your users, key assets and hard-earned reputation.