Colonial Pipeline Ransomware Attack - What it Means for You
On May 8, 2021, the world learned that Colonial Pipeline was the victim of a ransomware cyber attack. Colonial Pipeline is the operator of the largest gasoline pipeline in the United States. A ransomware attack locks out users of computers and/or computer networks by encrypting data, holding it hostage until the victim pays a fee, typically in cryptocurrency. in some ransomware attacks, upon payment of the ransom the attacker provides the decryption key so normal operations can resume, while in others the attacker has no intention of restoring full access.
For U.S. consumers, the attack likely means a temporary inconvenience, with prices at the pump increasing in some areas. For others, the implications are far more consequential.
First, for any organization, this attack is yet another reminder that data should be regularly backed up and/or maintained offline. Although many don't like talking to the tech nerds in their organizations, it behooves senior management to take an active role in understanding how data is being backed up and secured, and to make sure there are tested plans in place in the event of a ransomware attack or data breach.
Second, for our government, this attack should be a wake-up call that in addition to securing its own data (see: SolarWinds data breach), it must develop a more robust effort to help detect, deter, and prevent cyber-intrusions, both on its own and in partnership with the private sector. It's possible that the Colonial Pipeline ransomware attack was conducted solely to collect the ransom. But what if the next attacker is more sophisticated, utilizing the attack in conjunction with options trading to manipulate the stock market (see: The Dark Knight Rises, 2012)? Or for terrorists or state actors, targeting other vulnerable infrastructure, such as components of the power grid or water treatment plants? It is far easier and cheaper to get hold of hacking software and a laptop than fissile material, and the damage can be more extensive.
Cybersecurity awareness, planning, training, and investments are critical. This is true for the smallest companies, and the largest governments. There is no instant, easy solution to stop all such ransomware attacks, but organizations and governments must proactively take steps to safeguard their systems and data (and ours), in order to minimize the potential harm that could come from yet unseen worst case scenarios.