The Colonial Pipeline ransomware attack is potentially one of the worst cyberattacks to have happened this decade. A hacker group known as DarkSide stole nearly 100GB of data from the Colonial Pipeline servers before locking them down and demanding a ransom. Colonial Pipeline, with the assistance of FBI, paid around 5 million dollars to recover its systems.
And it didn’t stop there.
The decryption tool provided by the hacker group was so slow that Colonial Pipeline had to use its own backups to get its systems back online. It cost Colonial Pipeline even more than the ransom, probably tens of millions of dollars, to restore its systems completely.
So, what is Colonial Pipeline and how did this all start?
What is Colonial Pipeline?
Colonial Pipeline operates the largest gas pipeline system in the United States.
Its services extend over 5,500 miles stretching from Texas to New Jersey.
It transports around 100 million gallons of fuel per day including gasoline, diesel, and heating oil.
Seven airports get their jet fuel directly from Colonial Pipeline.
Nearly 45% of USA’s east coast including New York, Washington D.C., Florida, Georgia, and the Carolinas get their fuel from Colonial Pipeline.
How did the ransomware attack happen?
One leaked password.
Yes, you read that right. The attack vector was a single leaked password to an active VPN account that was no longer in use. Since multi-factor authentication was not enforced, the hackers only needed the username and the breached password to infiltrate Colonial Pipeline’s network.
Following the ransomware attack, Colonial Pipeline took its systems offline to contain the threat. This, in turn, led to panic-buying, shortages, and the highest spike in fuel prices since 2014.
FBI- and CISA-recommended strategies to prevent ransomware attacks
Native tools and traditional approaches to cybersecurity are no longer sufficient to combat the large-scale, sophisticated attacks waged by cyberattackers. In our webinar, FBI and CISA recommendations to prevent ransomware attacks, our product experts will cover:
The timeline of the attack.
How the attackers got into Colonial Pipeline’s network.
The FBI and CISA’s recommendations to prevent ransomware attacks.
How to implement these recommendations across your IT environment.
Too busy? Register anyway and we’ll share a recording of the webinar for you to watch when it’s convenient.
ADSelfService Plus is an integrated self-service password management and multi-factor authentication solution with power-packed features to secure your organization from credential-based cyberattacks and prevent malware attacks. Want to explore our tool? Schedule a free demo with our product experts.
You can also try out ADSelfService Plus for yourself with an exclusive, free, 30-day trial.
The post The Colonial Pipeline hack uncovered: FBI- and CISA-recommended security measures appeared first on ManageEngine Blog.
*** This is a Security Bloggers Network syndicated blog from ManageEngine Blog authored by Sharon Raj. Read the original post at: https://blogs.manageengine.com/corporate/general/2021/10/20/the-colonial-pipeline-hack-uncovered-fbi-and-cisa-recommended-security-measures.html