Security news special edition: the Colonial ransomware attack

The big security news last week was about the ransomware attack on the Colonial oil pipeline. As it illustrates many aspects of a very serious threat to our business infrastructure, we’re dedicating a special edition of the security and privacy news to explore what happened and what are the implications.

What happened?

While there have been many ransomware attacks in the US and other countries, they seemed to be just minor nuisances, until Ransomware Finally Came for the One Thing Americans Care About: Gas Prices. Shortly after the impact was realized, the F.B.I. Confirms Group Responsible for Hack of a Top U.S. Pipeline. The feds got involved, and FBI, CISA publish alert on DarkSide ransomware.

This did not prevent that Gas shortages worsen as fuel prices spike after Colonial Pipeline ransomware attack and Some gas stations run dry after motorists rush to fill their tanks as pipeline shutdown continues

Trying to end the problem, Colonial Pipeline paid close to $5 million in ransomware blackmail payment and now the Hacked Pipeline Is Now Delivering ‘Millions of Gallons’ an Hour, Owner Says

The reactions

Looking to understand how this could happen, Researchers track down five affiliates of DarkSide ransomware service and DarkSide Ransomware Group Loses Server Access After US Moves to Disrupt Operations and the US cracks down on 'bulletproof hosting' providers that enabled malware attacks Even the Russian-language cybercriminal forum ‘XSS’ bans DarkSide and other ransomware groups. To cut potential future losses, and to discourage companies from paying ransom, AXA pledges to stop reimbursing ransom payments for French ransomware victims

Other ransomware attacks

As was to be expected, the Colonial hack was not the only ransomware attack:

• Toshiba unit struck by DarkSide ransomware group

• Ransomware attack on healthcare admin company CaptureRx exposes multiple providers across United States

• Ransomware: 'We won't pay ransom,' says Ireland after attack on health service

• New ransomware: CISA warns over FiveHands file-encrypting malware variant

• Ransomware crooks post cops’ psych evaluations after talks with DC police stall

What’s next?

Ransomware just got very real. And it's likely to get worse In fact, some people believe that Ransomware attacks could reach ‘pandemic’ proportions. The pipeline hackers view their attacks as a standard business: Pipeline Hackers Say They’re ‘Apolitical,’ Will Choose Targets More Carefully Next Time As a consequence, US pipeline ransomware attack serves as fair warning to persistent corporate inertia over security. They’ll have to stop viewing the security of their operations as their customers’ problem. What can we do about it? Survive by outrunning the guy next to you!