Colonial Pipeline Ransomware Attack

Jarrett Kolthoff | June 10th, 2021


On Friday, May 7, 2021, Colonial Pipeline disclosed a ransomware attack that, the company said, forced it to halt pipeline operations and take IT systems offline. Colonial Pipeline, headquartered in Georgia, supplies about 45% of the East Coast's fuel, including gasoline, diesel, military supplies and other products, and transports more than 100 million gallons of fuel per day across the Eastern United States.

The attack is attributed to the DarkSide ransomware group, although it is possible that other threat actors are claiming the DarkSide name in order to get into the news. The DarkSide operators claimed they did not intend to disrupt pipeline operations and only wanted financial gain. Their attack was not as contained as that claim suggests: beginning in April 2021, using compromised VPN credentials, the intrusion effectively left the threat actors in control of whether the organization could operate at all. The threat actors ran a double-extortion scheme, stealing roughly 100 GB of data and threatening to publish it in addition to encrypting the environment. Gas prices rose sharply because the pipeline could not distribute fuel, and panic buying by drivers who feared the shortage would get worse pushed prices higher still.
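Because the intrusion began with a compromised VPN credential, the check a defender most wants here is one that flags the kind of VPN login that should never pass quietly: an account that has not been used in months, authenticating without MFA, at an odd hour. The following detector is an added example written for this article, not code from SpearTip or from the Colonial Pipeline investigation. The log format, account names, addresses (RFC 5737 documentation ranges), baseline dates and thresholds are all assumptions, and the log lines are constructed for illustration.

```python
"""Added example: flag suspicious VPN logins from assumed key=value auth logs.
Not code from the original article; the format, names and thresholds are assumptions."""
from datetime import datetime, timedelta
import re

# Constructed VPN authentication log lines in an assumed key=value format.
# Accounts, hosts and addresses are fictional.
VPN_LOG = """\
2021-04-01T08:02:11Z vpn01 auth user=jsmith src=203.0.113.10 mfa=yes result=success
2021-04-01T08:05:40Z vpn01 auth user=mjones src=203.0.113.22 mfa=yes result=success
2021-04-15T09:11:02Z vpn01 auth user=jsmith src=203.0.113.10 mfa=yes result=success
2021-04-28T23:58:12Z vpn01 auth user=legacy_svc src=198.51.100.77 mfa=no result=failure
2021-04-29T02:14:37Z vpn01 auth user=legacy_svc src=198.51.100.77 mfa=no result=success
2021-04-29T02:20:05Z vpn01 auth user=mjones src=203.0.113.22 mfa=yes result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"mfa=(?P<mfa>yes|no) result=(?P<result>\S+)$"
)

DORMANT_AFTER = timedelta(days=90)   # assumed threshold for a "stale" account
BUSINESS_HOURS = range(7, 19)        # assumed 07:00-18:59 UTC


def parse(log_text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield event


def signals(event, last_seen):
    """Return the list of weak indicators that apply to one successful login."""
    reasons = []
    if event["mfa"] == "no":
        reasons.append("no MFA")
    prev = last_seen.get(event["user"])
    if prev is None:
        reasons.append("account not in login baseline")
    elif event["ts"] - prev > DORMANT_AFTER:
        reasons.append(f"dormant {(event['ts'] - prev).days} days")
    if event["ts"].hour not in BUSINESS_HOURS:
        reasons.append("outside business hours")
    return reasons


def detect(log_text, baseline, min_signals=2):
    """Return [(ts, user, src, reasons)] for successful logins carrying at least
    min_signals indicators. baseline maps user -> datetime of last known successful
    login (assumed to come from an identity system) and is updated as events stream by,
    so a second login by the same account is judged against the first."""
    last_seen = dict(baseline)
    findings = []
    for event in parse(log_text):
        if event["result"] != "success":
            continue  # failures matter for brute-force detection, out of scope here
        reasons = signals(event, last_seen)
        if len(reasons) >= min_signals:
            findings.append((event["ts"], event["user"], event["src"], reasons))
        last_seen[event["user"]] = event["ts"]
    return findings


# Assumed baseline of last successful VPN login per account.
BASELINE = {
    "jsmith": datetime(2021, 3, 25),
    "mjones": datetime(2021, 3, 30),
    "legacy_svc": datetime(2020, 11, 15),  # old service account nobody has used in months
}

if __name__ == "__main__":
    for ts, user, src, reasons in detect(VPN_LOG, BASELINE):
        print(f"{ts:%Y-%m-%d %H:%M}Z  {user:<12} {src:<16} {', '.join(reasons)}")
```

Requiring two or more weak signals keeps an ordinary late-night login by an active, MFA-protected user (mjones above) out of the alert queue, while the dormant legacy_svc account logging in without MFA at 02:14 is reported with every reason attached. In practice the baseline should come from the identity provider rather than a dict, and the real fix is to disable unused accounts and require MFA on the VPN so that the login cannot succeed in the first place.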

Fallout of Colonial Pipeline Ransomware Attack

This fallout shows how modern ransomware attacks have severe real-world consequences. On May 12 at 11:00 CT, five days after the pipeline first stopped, the share of gas stations without gasoline by state was: GA 10.4%, AL 1.1%, TN 1.0%, SC 8.3%, NC 16.0%, FL 3.4%, 10.2%, and MD 1.6%.

When an organization suffers a ransomware attack, the largest cost is usually the business disruption. That is one reason Joseph Blount, CEO of Colonial Pipeline, chose to pay a ransom of almost $5 million after consulting a third-party firm. He faced a choice between recovering without the company's data and paying to restore operations quickly. The bottom line is that a ransomware attack is a no-win situation.

There are a few things everyone can learn from the Colonial Pipeline ransomware attack. When ransomware moves beyond the digital world and affects society the way the pipeline shutdown did, more people become aware of the impact it can have. In terms of general cyber awareness, attacks on this scale can have a positive side.

On the other hand, few things devastate an organization like a ransomware attack. Organizations that attempt to recover using only internal resources typically face at least 18 days of downtime before they are fully operational again. Ransomware is the number one threat to your business in today's climate, but there are ways to mitigate it. Engage a cybersecurity firm and let it protect your business. Profit is precious; don't give lurking threat actors a chance to steal it.

The easy response is to start implementing cybersecurity plans and bolstering infrastructure, but simply throwing capital at the problem is not enough. Executive leadership MUST ask its CIOs and other technical stewards the tough question: "Can we defend ourselves against and respond to these attacks 24/7?" The truthful answer, 90% of the time, is no: internal resources are not fighting these threats around the clock and are exposed to attack methodologies they have not seen before.

As a leader in your organization, having a security firm with a security operations center protecting you 24/7 relieves the headache and the strategic risk of dealing with these attacks. It also lowers the chance you will be hit by these threat actors in the first place. Be proactive, because cyber threats are sophisticated, relentless, and at times arbitrary. Everyone in this industry understands it is a matter of when, not if, and you should too.

