By now, I’m sure you’ve already been inundated with all the news about the US’s largest gasoline pipeline being shut down and restarted because of a ransomware attack. As reported by the New York Times, “One of the nation’s largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York, was forced to shut down after being hit by ransomware in a vivid demonstration of the vulnerability of energy infrastructure to cyberattacks.”
This is one of the very scenarios that cybersecurity experts have warned about for years: that a cyberattack would impact a significant piece of critical infrastructure. This is our new reality… and it’s time for a reckoning.
A few details
I think that the reality of this attack really hit me this morning when I noticed the stock widget on my phone; the two top stories had to do with the economic impact of the pipeline attack. Then, about 30 minutes after seeing these headlines, a coworker mentioned that she was looking at airline flights last week. Then she went to book her flight today and the price was three times as high.
Source: Yahoo! Finance
Earlier today, the FBI attributed the attack to the DarkSide cybercriminal gang. As reported by CBS, “DarkSide is among ransomware gangs that have ‘professionalized’ a criminal industry that has cost Western nations tens of billions of dollars in losses in the past three years.
DarkSide claims it doesn’t attack hospitals and nursing homes, educational or government targets and that it donates a portion of its take to charity.”
Cybersecurity vendor Varonis also notes that,
“[t]he Darkside ransomware group announced their RaaS (Ransomware-as-a-Service) in August of 2020 via a ‘press release.’ Since then, they have become known for their professional operations and large ransoms. They provide web chat support to victims, build intricate data leak storage systems with redundancy, and perform financial analysis of victims prior to attacking.
The group’s name, Darkside, evokes the image of a good guy (or gal) that has turned from the light. While we can’t conclude that the group is comprised of former IT security professionals, their attacks reveal a deep knowledge of their victims’ infrastructure, security technologies, and weaknesses.
They have publicly stated that they prefer not to attack hospitals, schools, non-profits, and governments, but rather big organizations that can afford to pay large ransoms.”
The Time for Reckoning Has Come
There are a few things here that we can’t afford to ignore or be ignorant of.
- Ransomware is on the rise… again. And ransomware gangs are getting more creative – and destructive – than ever before.
- Phishing is often the initial infection vector for ransomware. That means that you can’t afford to ignore your human layer security.
- Ransomware can cripple a business, damage an economy, or potentially threaten life.
- Even paying the ransom doesn’t mean everything will be OK. You still have to deal with downtime, loss of revenue, negative press, and more. And you probably won’t even get your data back. As Sophos’ “The State of Ransomware in 2021” points out, only about 8% of ransomware victims get their data back. That is a sobering and devastating reality check.