Ransomware is back in the headlines again with the Colonial Pipeline reporting that malware was discovered on its computer systems. The result of that discovery has caused a disruption in the gas supply system in the East Coast of the United States and will likely cause a spiraling effect on related businesses and the general public. This attack – and others like it – was perpetrated by hackers who infiltrate an organization’s IT infrastructure and hold its data hostage until a ransom is paid. The fallout of this sort of attack is incredible, and in this instance, the country’s critical gas supply has been compromised. As a result, the impact to our country’s critical resources will likely impact the cost of fuel for everyone. According to the BBC, Colonial has a pipeline that carries 2.5 million barrels a day, that is about 45% of the East Coast’s supply of diesel, petrol and jet fuel. Colonial was forced to shut down operations in order to protect itself from the spread of the malware, reportedly perpetrated by the DarkSide hacking group, which has been linked to similar attacks.
This event should come as no surprise; many cyber experts have been watching DarkSide and their ‘modus operandi’. Cybersecurity professionals have been sounding the alarm on nation-state and financially motivated attacks for well over a decade. The question is: as these attacks continue, is your business prepared?
As I write this blog, there is no “tried and true” way to stop hackers from exfiltrating data once they’ve managed to gain access to a network. If the network has been infiltrated, your only defense is having several ‘security check points’ or ‘roadblocks’ to slow the attack and give you time to shut down systems, which is how Colonial Pipeline responded. However, stopping the spread ultimately did not mitigate damage. DarkSide locked Colonial out of their systems, made their data inaccessible, and demanded ransom, costing the company lost revenue, loss of public trust, and lost time. In the end, the ransomware gang responsible for the attack stole nearly 100 gigabytes of business-critical data and threatened to leak it onto the internet. The key is to truly secure your data and remove the risk of infiltration altogether.
Though in the case of Colonial Pipeline, we don’t know exactly how the hackers were able to break into the network, there are some steps you can take to prevent a breach – or at least to reduce the probability of a major shut down and the exfiltration of data:
- Ensure Access to Data Won’t Be Compromised if a Hack Occurs
- Look at your backup strategy holistically across your entire environment.
- Ensure you can recover; test, test, test your recovery method.
- As soon as data fulfills its value in fast disk, tier it off to a cold data solution.
- Think differently: Consider a multi-layer approach to protect and recover backups.
- Prevent A Hack Before it Happens
- Understand your risk profile; Minimum damage if there are tight controls.
- What are your entry and exit points?
- Reduce the attack footprint/surface.
- Harden your systems (shut down the ‘nice’ to haves).
- Disable services like RDP (gateways, ports).
- Review Your Cyber-Hygiene
- Regular scan for vulnerabilities.
- Remediate findings.
- Understand the threat landscape and what you might be vulnerable to.
As you can see, it is important to choose the right security solutions to help secure a modern network infrastructure. If you don’t master your tools, someone else will master theirs. A modern technology solution should provide data “immutability” to protect and recover your assets in the case of a breach and secure your data with a multi-layer technology approach.
Check out an ebook to see some of the resources Quantum has prepared to address the concerns around ransomware, including how to create a proactive ransomware strategy with steps on how to secure your data with a multi-layer technology approach.