The breach interrupted their business operations and caused massive panic-buying in the US as people started to queue in petrol stations to store fuel one way or another, and in a very unsafe manner. Some footage even showed people store their fuel in plastic shopping bags in a vain attempt to ensure they would have enough fuel to drive to work. Very dangerous!
The dilemma: To pay or to restore?
At this point Colonial Pipeline had two choices, neither of which were good for the company. The first being to pay the ransom that the criminals were demanding. The second being to restore their systems from backups. This highlights why having a pre-defined strategy for ransomware protection for your business is so vital before a crisis hits.
At first, Colonial Pipeline tried to negotiate the ransom demand and succeeded in getting it down to 5,000,000 USD. Once the company paid their ransom, the cyber criminals gave them the tools to unlock and decrypt their systems. Unfortunately, the process of decrypting their systems ran so slowly that it didn’t get Colonial Pipeline operations back to normal quickly enough.
The company had to run a parallel recovery process where they commenced restoring their systems from backups as, fortunately for them, their backups were not hit by this ransomware. According to the CISA Ransomware Guide, maintaining offline, encrypted backups is a core component of defensive architecture. Others have not been so lucky in similar situations.
The big question we now ask ourselves is how did the criminals manage to hack their way into Colonial Pipeline’s systems? At this point in time, it is still not 100% clear. However based on public information, it looks likely the cyber criminals hacked their way through unpatched servers that were connected to the company’s corporate network and the Internet. Things like public facing Exchange servers are a prime target for cyber attacks as companies usually refuse downtime for patching them. But the reality is that we may never really know how Colonial Pipeline’s cyber criminals got in.
One thing is for sure, the company’s reputation has been massively damaged. Not only are their IT teams working overtime to make amends and bring their systems back online, but the flow-on effect for this situation is much wider. We now have consumers putting themselves at risk by panic-buying fuel and storing it in VERY unsafe conditions. This social chaos underscores the need for comprehensive ransomware protection for your business.
Three things you can do to improve ransomware protection for your business
- Train your staff on the basics of IT security
- Patch your systems to reduce the chances of hackers getting in
- Regularly review and test your backups to ensure ransomware protection for your business is functional
Establishing effective ransomware protection for your business means moving beyond a “set and forget” mentality. When security is treated as a continuous improvement process rather than a one-time project, your organisation becomes a much harder target for opportunistic attackers. This proactive stance is what separates resilient businesses from those that suffer extended downtime and reputational fallout.
At Orro, we can help and guide you through all these steps. We assist you in meeting your compliance goals while keeping your team focused on what they do best, ensuring that every operational layer is protected without compromise. Our role as your partner is to ensure ransomware protection for your business is simple to manage and easy to maintain.
Is your business prepared for a ransomware threat?
Talk to us today to see how we can help you build a resilient security posture.
