On May 7th, the US-based company Colonial Pipeline was breached in a ransomware attack perpetrated by a cyber-criminal group known as DarkSide. Colonial Pipeline is a private firm that controls the major US pipeline carrying gasoline, diesel, and fuel from Houston, Texas on the Gulf Coast to New York Harbor. The attack occurred in Colonial's back office last week, prompting Colonial to shut down the pipeline as a security precaution and the FBI to issue an emergency alert over fears that this ransomware could spread. As of this week, DarkSide has formally been named by the FBI as the perpetrator of the attack. DarkSide has stated that its purpose was the extortion of money, not the disruption of services.
Ransomware – What is it, and am I at risk?
What is it?
What is ransomware? Ransomware is the illegitimate use of a legitimate encryption process. The attack begins by enticing a user to unsuspectingly click on an executable script. The script then communicates with a command-and-control server to trigger the encryption of every file reachable from the point of activation. Typically this means the user's computer and every server drive and path the user has permission to access, leaving unreadable and unusable data throughout the network. The ransomware threat actor builds in a graphic warning whose purpose is to inform the user what has occurred and to detail the next steps for recovering the encrypted files. Ultimately the threat actor extorts money from the victim's business by demanding a large payment in cryptocurrency in exchange for the private key needed to decrypt those files and restore normal operation.
Am I at risk?
All companies, both public and private, should be aware of and on alert for ransomware and its vectors of attack. Ransomware is often delivered through website or email content, frequently flying under the radar and slipping past the user's virus and malware protection software.
Ransomware: Mitigating and avoiding the risk
Defense in depth is key to preventing a ransomware attack, protecting against it, and minimizing the risk of losing critical data assets. The first line of defense is cultivating an informed and educated user base on email and web-browsing best practices, reinforced through quarterly security and best-practices training. Users should be educated about, alerted to, and on the lookout for suspicious email attachments and the risks of "quick to click" habits on the web, and should know how to avoid those threats.
Perimeter email spam filtering and antivirus scanning are vital to catching threats of all types. Additionally, common antivirus and anti-malware programs are an essential component in protecting against ransomware, malware, and viruses at the end-user level.
Beyond the scope of Windows workstation and Windows server nodes, firewall configuration and hardening at the network's edge can also serve as an important line of defense.
Finally, a solid backup strategy should leverage both onsite storage and encrypted offsite storage components.
LBMC can help your organization develop a hardened defense-in-depth cybersecurity strategy and assist with mitigating threats and ransomware attacks. We offer information security services and managed IT solutions to improve your security posture. If you have questions, please call (615) 377-4600 or email firstname.lastname@example.org.