In May 2021, the Colonial Pipeline in the US was the victim of a ransomware attack. The pipeline is one of America's largest, carrying 45% of the East Coast's refined gas, and the attack resulted in the Colonial Pipeline Company having to take all its IT systems offline while it 'contained the threat', completely halting the pipeline's operations. Consequently, fuel distribution across eastern America was severely impacted for more than one week.
The cybercriminal group DarkSide claimed responsibility for the attack, which saw file-encrypting malware infect the Colonial Pipeline Company's corporate computer network. While the attack itself was filled with technical intricacies, the end result called for a state of national emergency to be declared by President Joe Biden, with fuel prices increasing and consumers panic-filling fuel containers.
Operations returned to normal after a 9-day shutdown, in which the Colonial Pipeline Company paid a ransom of $4.4 million to DarkSide. Some of the ransom has since been recovered by the US Department of Justice, but the payment reflects a concerning trend of paying up to attackers.
At the time, as many were trying to grapple with what had happened, Clavister CEO John Vestberg came to the forefront and provided invaluable insights for the media on the incident:
'The DarkSide ransomware attack on the Colonial Pipeline highlights the increasing risk cyber criminals pose to critical national infrastructure (CNI). CNI, such as oil and gas, is a prime target for these ransomware gangs - systems are underpinned by a myriad of complex information and operational technology devices and so the consequences if these are infiltrated can be devastating. Attacks on CNI risk becoming the norm if action is not taken.
'A proactive, rather than reactive approach is needed. Using predictive analytics and tools like AI or ML, for example, we can see malware morphing and behaving in certain ways and catch it sooner. The DarkSide attack should serve as a warning; CNI systems are becoming more sophisticated and technical - especially as we enter the era of 5G which we will soon rely on. Going forward, countries cannot afford to have any weak spots and must step up their cyber security solutions to support the technology used.'
John's insights were picked up across technology, energy and cybersecurity media, and he gave an exclusive interview to Tech Monitor. In the interview, he talks about how important it is for companies to use cybersecurity to protect their infrastructure, and about the frequency of cyberattacks in the energy sector. He also covers why many of these problems stem from legacy systems and their inability to keep pace with the advancement of ransomware attack techniques.
Verdict also went to John for his thoughts on the incident as an expert within the cybersecurity and tech space, including him alongside other international experts. The energy sector was also keen to get John's insights, and World Pipelines Magazine dedicated an article to his comments on the attack. His views are also valued by the cybersecurity community and appeared in both IntelligentCISO and Industrial Cybersecurity Pulse.
The Colonial Pipeline incident is just one of many recent ransomware attacks to hit the news. The technique is becoming more popular among cybergangs, potentially offering a huge bang for the buck as more victims pay up to get operations up and running again.
To find out how Clavister can help you mitigate the effects of ransomware, get in touch.
Look out for more blogs that show John's clearheaded insights on similar attacks and what a strong voice he is within the cybersecurity space.