Recently, ransomware has moved to the forefront of national news. The most prominent ransomware attack, the one perpetrated against Colonial Pipeline by the now-defunct "Dark Side" hackers, has served to remind businesses of the risks of ransomware. What happened to Colonial Pipeline? What should businesses learn from Colonial Pipeline's response? What should a business avoid?
What happened to Colonial Pipeline?
Colonial Pipeline, a Georgia-based operator of fuel pipelines, had its billing software compromised by Dark Side's ransomware attack.1 Following this, Colonial Pipeline took proactive measures to (1) shut down its systems; (2) evaluate the issue; and (3) safely bring systems back online after ensuring that they were not compromised.
Following this, Colonial Pipeline did eventually pay the $4.4 million ransom demanded by Dark Side. What it got in return was a decryption key, as promised, which turned out to be slower than restoring from Colonial Pipeline's own backups.2 The ultimate result of this event was an initial cost of $4.4 million, in addition to lost profits, additional security costs, reputational costs, and litigation costs, as consumers filed a class-action lawsuit to hold Colonial Pipeline accountable for its perceived lapse in security.3 Further, the fallout from the Colonial Pipeline incident prompted additional cybersecurity efforts and changes by the Biden administration, including proposed regulations requiring pipeline companies to inform the Department of Homeland Security of cybersecurity incidents within 12 hours, to keep a cybersecurity coordinator on staff at all times, and to review their current security measures.