On 10 May 2021, the US Federal Bureau of Investigation issued a statement confirming that the DarkSide ransomware network was responsible for an attack that seized operations of Colonial Pipeline. Reports indicate that DarkSide’s ransomware attack breached Colonial’s IT system on 7 May, causing Colonial to shut down pipeline operations.
The Colonial Pipeline is the largest fuel pipeline in the US, carrying more than 100 million gallons along the US East Coast every day and reaching around 50 million Americans. This accounts for 45% of the East Coast's supply, according to Colonial Pipeline.
The DarkSide attack demonstrates how impactful malicious cyber-attacks can be. This attack also shines a spotlight on the rise in what are known as ransomware franchises, which provide hackers with sophisticated tools that can be used to conduct cyber-attacks. By providing threat actors with hacking tools, ransomware-as-a-service has created a lower barrier to entry for attackers, leading to a rise in attacks.
In the energy sector, owners and operators protect critical infrastructure from a relentless stream of sophisticated threats. A hacker targeting a company in the energy supply chain can expose pressure points that will give rise to massive ripple effects when disrupted, even if this was not the attacker’s intention. Had ransomware successfully breached industrial control systems, the outcome could have been far more devastating, potentially with physical consequences.
More striking, however, is that when separated from its potential massive impact, the DarkSide pipeline attack was a relatively routine occurrence in today’s business environment. A well-known threat actor, DarkSide provided ransomware-as-a-service to an affiliated network of attackers. And they are not alone.
Ransomware remains a scourge across all industries, including the energy sector, and will persist so long as:
While organisations cannot eliminate ransomware as a risk, they can — and should — take steps proactively to prepare for an attack. Consider in advance how you would manage a ransomware attack: before, during, and after.
Below you will find a high-level set of recommendations to help you do so:
You can find step-by-step guidance on preparing for a ransomware attack here.
You cannot completely eliminate the risk of ransomware attacks, but you can — and should — plan for them. Preparation is essential, and its importance cannot be overstated. Having a well thought-out plan will enable your organisation to reduce the impact of an attack through appropriate cybersecurity controls and potentially transfer residual risk via cyber insurance. Effective preparation can help you build a cyber-resilient organisation that is well prepared to manage cyber-attacks.