Why Businesses Must Prioritise Ransomware Protection

A couple of weeks ago, news came out that a large pipeline operator in the US, Colonial Pipeline, was breached and infected by ransomware. Their systems were taken offline by an attack that encrypted all their data and demanded a ransom for it to be unlocked.

A couple of weeks ago, news came out that a large pipeline operator in the US, Colonial Pipeline, was breached and infected by ransomware. Their systems were taken offline by an attack that encrypted all their data and demanded a ransom for it to be unlocked.

The breach interrupted their business operations and caused massive panic-buying in the US as people started to queue in petrol stations to store fuel one way or another, and in a very unsafe manner. Some footage even showed people store their fuel in plastic shopping bags in a vain attempt to ensure they would have enough fuel to drive to work. Very dangerous!

At this point Colonial Pipeline had two choices, neither of which were good for the company. The first being to pay the ransom that the criminals were demanding. The second being to restore their systems from backups.

At first, Colonial Pipeline tried to negotiate the ransom demand and succeeded in getting it down to 5,000,000 USD. Once the company paid their ransom, the cyber criminals gave them the tools to unlock and decrypt their systems. Unfortunately, the process of decrypting their systems ran so slowly that it didn’t get Colonial Pipeline operations back to normal quickly enough.

The company had to run a parallel recovery process where they commenced restoring their systems from backups as, fortunately for them, their backups were not hit by this ransomware. Others have not been so lucky in similar situations. As this is published, Colonial Pipeline are still trying to bring their systems back online via a combination of both methods.

The big question we now ask ourselves is how did the criminals manage to hack their way into Colonial Pipeline’s systems? At this point in time, it is still not 100% clear. However based on public information, it looks likely the cyber criminals hacked their way through unpatched servers that were connected to the company’s corporate network and the Internet. Things like public facing Exchange servers are a prime target for cyber attacks as companies usually refuse downtime for patching them. But the reality is that we may never really know how Colonial Pipeline’s cyber criminals got in.

One thing is for sure, the company’s reputation has been massively damaged. Not only are their IT teams working overtime to make amends and bring their systems back online, but the flow-on effect for this situation is much wider. We now have consumers putting themselves at risk by panic-buying fuel and storing it in VERY unsafe conditions.

There are three things you can do to reduce the chance of being caught by ransomware.

  • Train your staff on the basics of IT security
  • Patch your systems to reduce the chances of hackers getting in
  • Regularly review and test your backups

At Orro, we can help and guide you through all these steps. Talk to us today.

Related Insights

28 July 2022

The Hybrid Workplace & the Need for ‘Zero Trust’ Security

Zero Trust – assuming by default that no-one, nowhere can be trusted – is a critical security component of the new hybrid, cloud-based workplace, where staff and systems no longer sit within the safety of the traditional office network perimeter.
16 September 2024

Consolidating Cyber Security Vendors: Simplify, Secure, and Strengthen Your Operations

By consolidating security services with a Managed Security Service Provider (MSSP), organisations can streamline operations, reduce costs, and enhance their overall cyber defence posture.
4 December 2024

CyberCon 2024: Building Resilience Amidst Emerging Cyber Threats

<span data-metadata=""><span data-buffer="">Explore our Resources

Education
post
Summer IT Sprints: A Smarter Way to Build Future-Ready Schools
ValidPro®
post
The EOFY IT Procurement Checklist: 5 Ways to Maximise Your IT Budget Before June 30
Critical Infrastructure
post
Why OT Visibility is the First Line of Defence Against Cyber Threats
Network
post
Navigating the Future of Enterprise Technology: Key Insights from Cisco ANZ CTO, Carl Solder
Cyber Security
post
Securing the Future: Preparing for the Quantum Threat in Cybersecurity 
Cyber Security
post
CyberCon 2024: Building Resilience Amidst Emerging Cyber Threats