Colonial Pipeline Ransomware

What Did We Learn?

What we know about the Colonial Pipeline attack and how it CAN happen to your small business!

Major news outlets and the CEO of Colonial have confirmed a multi-million dollar ransom was paid for the restoration of the Pipeline’s IT systems. DarkSide, a Russian hacker group, is the reported catalyst of the attack.

If you are not sure what the Colonial Pipeline Ransomware attack was, here is a quick review:

1. Many companies now drive production through a series of software applications that monitor and gauge systems throughout a process. Colonial Pipeline is one such company.

Companies of ANY size store data somewhere – and that data is integral to the operation of the business.

2. A group of hackers infiltrated the IT systems (computers and network servers) of Colonial Pipeline and locked a large amount of data so that it was inaccessible to company operations. The hacker group demanded a hefty payment in order to restore data back to Colonial Pipeline.

Although this particular case has large consequences attached to the stoppage of production, even small businesses have data that could halt their work. For example, law firms, health practices, and financial consultants all have personal data from their clients and patients stored somewhere. That could have huge legal and business altering consequences.

3. Systems were shut down and fuel lines were stopped for several days while company officials worked to determine the cause and reach of the attack.

If this happened at your small or medium sized business, and you had to stop operations for a couple days to sort out the details of the attack, how would that affect your overall productivity?

4. A ransom payment reportedly in the $4 million range was given to the hacker group while IT systems were restored to normal operation.

The ransom required for a business with sensitive information may not be in the millions but it could very likely be a large amount in a sum that could cripple your business and cause you to close your doors.

So what does all of this mean?

You might say, whatever this is, it’s targeting large-scale operations with effects that reach the general public. It’s larger than anything that would attack your business. That would be correct in this particular situation, but would be incorrect in general terms.

However, there’s an uncomfortable truth here that we don’t want to talk about. The truth about it all is that it quite literally could happen to any business of any size… and IT HAS! There have been medical practices, law offices, small manufacturing facilities, and more hit by attacks like this. Even more uncomfortable, if it happens to a small business, chances are you won’t have the resources to pay the ransom and you could lose everything!

But how can it be avoided?

Many of the most common security breaches happen because of a lack of basic security measures. At the least, companies of any size should be protecting computer networks and systems with passwords and should be sure to have backup and recovery plans in place.

Even more, companies with sensitive client or patient data should be vigilant with the handling of information. There should be privacy, multi-layered authentication, ongoing systems monitoring, and regular server backups.

All of these simple security measures can be achieved with the help of an IT professional.