Businesses Need Anti-Ransomware Protection Now More Than Ever

The warning signs have been there for years, but no one really thought it could happen. This past month, hackers used a ransomware attack to shut down the digital systems controlling the pipeline that carries about half the fuel used by the East Coast of the US. On Saturday, May 8th, Colonial Pipeline, which operates the nearly 6000-mile petroleum pipeline that runs from Texas to New York, released a statement that confirmed reports that hackers had breached its network. In response, Colonial shut down the pipeline in an effort to contain the damage. The pipeline shutdown created consumer panic and short-term gasoline shortages. This latest example of critical infrastructure hacking just goes to show how commonplace and extreme the ransomware epidemic has become.

Security experts from all disciplines are calling this the most impactful hack of the energy supply chain in the US so far. This is just another attack, and there will certainly be more. Investigators familiar with the incident are saying that the ransomware gang known as Darkside is likely responsible. So far Darkside has attacked almost 50 organizations and demanded between $200,000 and $2 million payments from each of them.

Hackers are Emboldened by Success

Hackers have become increasingly active and bold in the past 18 months. They have shut down city governments in Atlanta and Baltimore, they have hacked court computers, threatening to shut down the legal system, and they have extorted hospitals for tens of millions of dollars. Most victims don’t talk about their attacks for fear of ridicule and out of concern about exposing and publicizing their vulnerabilities. In turn, hackers are increasingly seeking to attack industrial and commercial targets because they know those targets are soft, they are likely to pay, and they don’t employ the latest security technology. Momentive, Hydro Norsk, and Hexion were all victims of ransomware attacks in the past two years.

Hacker Attacks are Becoming More Damaging and More Expensive

Previous hacker attacks on infrastructure targets had shown that hackers gained access to both IT networks AND the operational technology that controls the infrastructure assets themselves. In the Colonial Pipeline case, no statements have been made about whether or not the actual control systems had been compromised to the point where the physical state of the system could have been changed to create an extremely dangerous situation.

However, the hackers merely gaining access to the IT network was enough of a warning that the company would have had to shut down the network to prevent possible further penetration into more sensitive control systems. Experts agree that Colonial did the right thing by shutting down the network because they no longer had positive control over the environment and had no line-of-sight visibility into the possible compromise of the pipeline’s control systems.

Ransomware attacks are expensive. According to a recent survey from Sophos:

  • The average cost of remediating a ransomware attack more than doubled in the last 12 months. Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is now 10 times the size of the average ransom payment.
  • The average ransom paid was $170,404. While $3.2 million was the highest payment out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.
  • The number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all of their data.
  • Over 85% of ransom payments were made with cryptocurrencies.

There is an increasing trend towards hackers not returning 100% of the “ransomed” data even after being paid. On average, hackers will grant victims access to about 2/3 of their data after the ransom payment.

US Companies Must Invest in Anti-Ransomware Solutions

In the future, critical infrastructure providers in the US will have little choice but to bolster their defenses against an onslaught of loosely organized criminal hackers—whose disruptive capabilities and ambitions are only growing.

VBS is a leading reseller of anti-ransomware software. If you are concerned about ransomware, and network security in general, be sure to contact Virginia Business Systems for a no-obligation evaluation of your company’s security systems.

June 7th 2021