TechTalk Detroit EP 033: Colonial Pipeline Ransomware Attack
“We can’t talk tech without talking about this particular hack.”
On episode 33 of TechTalk Detroit, Chuck and Brian discuss a major current event that’s been all over the news — the ransomware attack on the Colonial Pipeline.
The Colonial Pipeline Ransomware Attack
The hack shut down 5500 miles of gas pipelines, crippled the east coast gas industry, and cost the company $5 million.
DarkSide is the hacker group behind this particular attack. According to a recent article published by CNBC, DarkSide has received $90 million in ransom payments over the last 9 months.
Average payout per company/victim is $1.9 million (2:25). When you pay, there’s also no guarantee you’ll get your data back.
“Things that didn’t seem realistic 15-20 years ago — this is the new norm — this is what we’re dealing with and the landscape we’re in,” says Brian (2:55).
Hack Victims (3:17)
Government sectors, hospitals, cities — we’ve seen a wide range of industries and companies hit by ransomware attacks. With a payout that high, unfortunately for smaller businesses, getting hit could mean closing their doors.
Last week, there were two more hacks that took place. These hacks aren’t going away anytime soon.
Ransomware Changes (4:07)
Things have changed when it comes to ransomware.
Previously, hackers stole data and made it inaccessible until they received a payout. Recently, hackers have been taking a different approach (5:05). Not only are they encrypting your data so you can’t access it, they’re also stealing it and threatening to leak it.
Lines of Defense (5:40)
- Patch the vulnerability
- Roll back your data with a robust backup solution
Hackers know about these solutions. So, it’s great that you can restore your data, but what about your data being exploited? (6:25).
Exploitation: The Beginning of the End (6:30)
From a PR standpoint, this is an absolute nightmare — having to put out press releases notifying clients that their data has been compromised.
What would it mean if your data was captured, and how would your clients react? If you lost clients, how much would that cost you on top of having to pay the ransom? (7:30).
Ransomware as a Service (8:20)
There’s Software as a Service (SaaS), Hardware as a Service (HaaS), Cloud as a Service (CaaS) — what about Ransomware as a Service? DarkSide develops and markets these ransomware tools, selling them to others who then deploy the ransomware attack.
“The criminals, no matter what the angle is, they’re always a step ahead of law enforcement.” (9:30).
How Do You Protect Your Business from a Ransomware Attack? (10:08)
The likely scenario of how the Colonial Pipeline ransomware attack began (10:42).
Things to consider to protect your business from attacks:
- Security Awareness Training
  - Making sure your staff knows what to look for and what to be suspicious of is important (11:13).
- Have a strong security policy (12:03).
  - You have to have a clear policy on what your users are and are not allowed to do.
- Security Alerts (12:30).
  - Are your alerts active and timely?
  - “There’s no such thing as ‘enough.’” (12:52).
- Limit your email address usage (14:13).
- Password Requirements (15:54).
  - Know the best practices for your passwords.
  - Do you need to go above and beyond the minimum password requirements?
If a major gas production company of this size is vulnerable, then as an SMB owner, it’s a valid concern whether you have the basic security measures in place.