The Colonial Pipeline, Crypto Currency and Crime.
May 28, 2021

Last week a ransomware attack knocked the Colonial Pipeline offline, and it’s kind of a big deal. They ended up paying their attackers $5 million. Let’s look at what happened and how this might impact cybersecurity in the future.


The Attack

If I asked you where the gas you put in your car comes from, you might tell me Sheetz. If you live on the East Coast, there’s a possibility that before it shows up at your gas station of choice it traveled through the Colonial Pipeline. Almost half of the diesel and gasoline consumed on the East Coast is from this particular pipeline.

On Friday a cyberattack knocked this pipeline offline. The FBI confirmed on Monday that a criminal group originating from Russia called “DarkSide” was responsible for the attack. The Colonial Pipeline is the largest refined products pipeline in the United States and a very important part of our nation’s infrastructure.


The Payout

Colonial Pipeline paid 75 bitcoin, worth as much as $5 million, to gain back control of their systems. This decision has faced a lot of criticism and controversy. People say that giving in to hackers’ demands will only increase the number of ransomware attacks in the future.

The FBI and other law enforcement have discouraged victims of ransomware attacks from paying their attackers, but many organizations go ahead with it anyway. They either don’t have the backup infrastructure to recover the data or decide that it would just be quicker and easier to pay.

The best practice going forward is unclear. Researchers and policymakers agree that the best-case scenario would be for everyone to stop paying. If no one gave in, there would be no reason to conduct these attacks and they would soon stop. However, it is more likely that companies would pay in secret for the reasons mentioned above.


The Impact

The Colonial Pipeline transports more than 100 million gallons of fuel daily from the Gulf Coast to the East Coast. US gasoline demand jumped 20% on Monday compared to the prior week. In 5 East Coast states served by the Colonial Pipeline, demand was up over 40%.

The national price at the pump hit $2.98 on Tuesday, the highest level in nearly six years. Governors of East Coast states took different steps to try to mitigate the impact. Consumers were cautioned against panic buying, but we did see some dangerous instances of it. Please never put trash bags full of gasoline in the trunk of your car. This was not a shortage of gasoline but rather an inability to get it where it needs to go.

The Colonial Pipeline Company is a privately held firm based in Georgia. DarkSide actually attacked the company’s business network instead of the operational technology (OT) network that controls the pipeline. It was Colonial’s choice to take down its OT network as well to contain the damage. They were able to regain control of their systems on Wednesday and are fully operational again.


The Importance of Cybersecurity

This shutdown has shone a spotlight on the importance of cybersecurity and the threat cyberattacks pose to key infrastructure systems. However, these types of attacks are not new. In 2017 the WannaCry attacks locked up computer systems at hospitals, banks and phone companies. Russia used cyberwarfare to shut down part of Ukraine’s power grid in 2015, and it is reported that a Russian government-sponsored group gained access to control rooms of US electric utilities in 2017. Just a few months ago we wrote a blog about the SolarWinds hack, which used tainted software to penetrate multiple US federal agencies.

It’s clear that better cybersecurity for our infrastructure is important, but you don’t need to be a large operation to be targeted by cybercrime. You should also make sure you have the proper backup procedures in place, so that paying your attacker is not your only option. Ransomware is reported to attack a business every 14 seconds. 71% of companies targeted by ransomware attacks have been infected. Give us a call at 412-722-7070 to learn how we can protect your business from cybercrime.