The DarkSide attack on Colonial is yet another wake-up call for companies to harden their systems against ransomware. History suggests that might not happen despite new government guidance.
Many in mainstream media have characterized the DarkSide attack on Colonial Pipeline, which operates a significant portion of the nation’s critical energy infrastructure, as a wake-up call for CIOs and CISOs. If that is the case, then they are hard of hearing, as this klaxon has been sounding for many years while company after company fends off ransomware attacks.
A senior administration official, speaking on background, said that “these incidents are a reminder that our adversaries will use multiple methods of attack, whether hunting for coding errors or compromising our supply chains to create opportunity.” The official added that incidents such as the SolarWinds, Microsoft Exchange and Colonial Pipeline attacks share commonalities: the first is “a laissez-faire attitude toward cybersecurity,” and the second is “poor software security and current market development of ‘build, sell, and maybe patch later.’”
The fallout from the attack is winding down with the company restarting operations the evening of May 12. Prior to the restart, the White House and the Cybersecurity and Infrastructure Security Agency (CISA) both issued updates and guidance for use by enterprises and small/medium businesses.
According to Bloomberg, $5 million in cryptocurrency was paid to the cybercriminal entity within hours of the attack, yet it still took Colonial days to bring their system online. Colonial in its most recent public statement makes no reference to having paid the ransom, focusing instead on assuring the markets that product was flowing and would be back to normal by end of day Thursday, May 13.