Ransomware and Zero Trust
Big News – a ransomware attack that not only extorted $4.4 million – a ridiculous amount of money – but also resulted in a shutdown of a 5,500-miles pipeline system transporting more than 100 million gallons of gasoline, diesel, jet fuel, and heating oil per day. That’s roughly 45% of the fuel consumed on the Eastern Seaboard between the Gulf Coast and the New York metro area – this got a lot of attention, for a lot of reasons!
The Colonial Pipeline is a Georgia-based company. A known hacker group targeted this company, hitting it with a ransomware attack. Basically, the hackers lock up the company’s computer systems by encrypting the data. Then they demand a large sum of money after which they ‘promise’ to send the code to unencrypt the data (which may or may not work, if you get it). Ransomware attacks reportedly increased 300% in 2020 alone, in just the US – it’s BIG money.
This known hacker group is a professional criminal group that has cost Western nations tens of billions of dollars in losses in the past 3 years, per a CBSnews report. They claim to be a Robin-hood-type group. They seem to think their policy to not hack hospitals, nursing homes, educational, or government targets somehow makes them altruistic – what? News alert: cutting off fuel between Texas and the North East impacts every one of these industries. Some of the news articles out there imply that the shutdown wasn’t their intention, they were ‘just extorting money’; as if that makes it OK or less egregious?
In the future, we’ll probably get more details about how they were hacked. For now, news sources are saying this was related to a lack of security updates; we’ll see. On May 8th, the Colonial Pipeline announced they had been hit with ransomware. The attack was focused on the Operations part of the business, not the fuel delivery systems, but the company shut it all down, just in case. What else could they do? They had to err on the side of caution.
A few months ago, we shared some updates from ID Agent about 3 top US breaches involving ransomware – a Minnesota healthcare system, a short line railway, and a medical lab. In these cases, they actually stole personal data with the goal of selling it on the Dark Web; another lucrative business.
This kind of attack usually requires someone to have been sloppy – clicked a link that they shouldn’t have; downloaded something from a website; poorly maintained equipment; weak passwords. So now there’s a new concept – the idea of Zero Trust has been out there for a little while, but we’re pretty sure you’re going to hear a lot more about it in the coming months. Zero Trust starts with the idea of ‘never trust,’ always assume a breach. If you come from a position of Zero Trust, you verify every device, application, and every identity, in all cases. This is in line with the Multi-Factor Authentication (MFA) push by many businesses as they try to stay ahead of hackers and the social engineering designed to trick people into giving up personal data or ‘opening the door’ in an environment. In both Zero Trust and MFA, the idea is that you have to have a second step to prove you are who you say you are.
If you Google ‘Zero Trust’ you’ll find quite a bit of info including some Microsoft videos about the topic and how their tools are helping provide security and safety. Check out our previous articles and videos about implementing MFA, too.
So, what about your business? Could you be down for 5 days? You wouldn’t know who owes you money or how much; no access to what you owe or to whom; no ability to cut checks or enter cash receipts; can’t run a payroll; no access to Word docs, Excel, PDF’s, drawings, pictures – all of it held for ransom. How about a $200K ransom payment? Not to mention all the IT costs to recover everything, the lost work time, and then, if you get the data back, you have to enter 5 days’ worth of data. Then when all of this is done, you still need to make those security changes.
We have a better idea – take action now. Educate your staff on social engineering tricks, continuously; replace end-of-life equipment; replace out-of-date software; update patches and firmware on your devices; setup MFA on critical systems; be sure you have off-site backups and test that you can recover the data; get some decent passwords in place and enforce them. Need help? This is what we do, so let’s dig in! – CMW