Ransomware attacks can be devastating. Just ask Colonial Pipeline, an organization responsible for transporting nearly half of the United States’ east coast fuel.
When they were attacked on May 7, 2021, they were forced to halt operations or risk the ransomware doing further damage to their systems. Several hours passed before the group responsible offered a solution: pay them 4.4 million USD, and they would provide the software that would free Colonial’s systems. The disaster even prompted President Biden to declare a state of emergency amid fears of nationwide gas shortages. The headline in all of this, however, was that the attackers wanted to be paid in bitcoin.
Colonial, stuck in an impossible situation, paid that ransom. And for their payment, they were sent a piece of slow-moving software that would eventually free their systems from the ransomware.
The following days saw many news organizations and talking heads calling for the regulation, or outright banning, of cryptocurrency. The reason these attackers were so brazen, after all, was that they had an easy getaway: crypto is notoriously difficult to track. Of course, they were all missing the point.
No one was asking how the ransomware was able to infiltrate Colonial’s systems in the first place.
That reason, by the way, was a single compromised password for a VPN account that was still active but no longer in use. Making things worse, the attack was also made easier by the fact that Colonial Pipeline wasn’t using two-factor authentication.
A multi-billion-dollar company brought to its knees, not by cryptocurrency, but by a single compromised password on an account that should have been disabled. That’s not deft hacking, friends; that’s lazy (or overburdened) I.T. Someone majorly dropped the ball.
In the end the FBI managed to recover a part of the money ransomed, but that’s hardly solace for other businesses in the grip of an attack.
And the sad truth is, we’re likely to see more of these kinds of attacks, not because of the rising value of bitcoin, but because more and more organizations have cut corners in the management of their I.T. Something as simple as enforcing a policy to routinely expire and replace passwords would have saved Colonial from the embarrassment, let alone removing the active VPN account that was no longer in use. These are basic measures.
The lesson: businesses both large and small should routinely check in on their I.T. practices and audit their infrastructure for vulnerabilities. There’s no magic bullet that will stop these attacks from happening, but there are best practices, and it’s imperative that they’re followed.
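As an added illustration of the kind of audit recommended above (example code written for this post, not Keystone’s tooling and not from the original article), here is a small Python check over a constructed export of VPN accounts: it flags accounts that are still enabled but have had no successful login in 90 days, and enabled accounts with no MFA enrolled. The column names, the 90-day threshold and the sample rows are all assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (not real data). Assumed columns:
# username, enabled (yes/no), last_login (YYYY-MM-DD), mfa_enrolled (yes/no)
SAMPLE_ACCOUNTS_CSV = """username,enabled,last_login,mfa_enrolled
alice,yes,2021-05-01,yes
bob,yes,2020-11-14,no
contractor-old,yes,2020-09-02,no
carol,yes,2021-04-28,yes
dave,no,2019-03-15,no
"""

STALE_DAYS = 90  # assumed policy: enabled accounts unused this long get disabled


def parse_accounts(csv_text):
    """Turn the CSV export into a list of dicts with typed fields."""
    accounts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        accounts.append({
            "username": row["username"].strip(),
            "enabled": row["enabled"].strip().lower() == "yes",
            "last_login": datetime.strptime(row["last_login"].strip(), "%Y-%m-%d"),
            "mfa_enrolled": row["mfa_enrolled"].strip().lower() == "yes",
        })
    return accounts


def audit_accounts(accounts, as_of, stale_days=STALE_DAYS):
    """Return enabled accounts that are stale and enabled accounts lacking MFA.

    Disabled accounts are skipped: they are already out of the attack surface.
    """
    cutoff = as_of - timedelta(days=stale_days)
    findings = {"stale": [], "no_mfa": []}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        if acct["last_login"] < cutoff:
            findings["stale"].append(acct["username"])
        if not acct["mfa_enrolled"]:
            findings["no_mfa"].append(acct["username"])
    return findings


def run_audit(csv_text=SAMPLE_ACCOUNTS_CSV, as_of="2021-05-07"):
    """Convenience wrapper: parse the export and audit it as of a given date."""
    return audit_accounts(parse_accounts(csv_text), datetime.strptime(as_of, "%Y-%m-%d"))


if __name__ == "__main__":
    for category, names in run_audit().items():
        print(f"{category}: {', '.join(names) or 'none'}")
```

Run against a real export, the `stale` list is the set of accounts to disable and the `no_mfa` list is the set to enrol before the next audit.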
To find out if Keystone can help maintain, manage, and secure your I.T. infrastructure, contact us today. Every relationship with us starts with a conversation.