Ransomware Case Study
Colonial Pipeline
By Shahad A. Alsultan
Ransomware

Ransomware is a type of malicious software that encrypts files and demands payment in cryptocurrency, leading to loss of data, disruption of operations, and financial losses.

Ransomware attacks are continuing to rise, with global damages reaching over $20 billion in 2020. In the first quarter of 2021 alone, 304.6 million ransomware attacks were reported worldwide.

The healthcare, education, and government sectors are among the most targeted industries for ransomware attacks. The cost of ransom payments has also increased, with the highest reported to be $50 million. The rise in remote work due to the COVID-19 pandemic has also contributed to the increase in ransomware attacks.
Colonial Pipeline Company is a transportation and energy company based in Alpharetta, Georgia, USA. The company is a major distributor of gasoline, diesel fuel, and other refined petroleum products.

In May 2021, Colonial Pipeline suffered a cyberattack that resulted in the shutdown of its operations. The attack was carried out by a ransomware group known as DarkSide, which demanded a ransom payment in exchange for restoring access to Colonial Pipeline's systems. The shutdown of the pipeline caused significant disruptions in the fuel supply chain, leading to fuel shortages and price spikes in several states.

Colonial Pipeline later confirmed that the attackers had gained access to its systems through a compromised account belonging to an employee. The company worked with law enforcement and cybersecurity experts to investigate the breach and restore its operations. It also announced plans to enhance its security measures to prevent future attacks. [1][2]
Timeline: Colonial Pipeline Attack

April 29: Colonial Pipeline discovers it has been hit by a ransomware attack and shuts down its pipeline system, which spans from Texas to New Jersey and supplies fuel to nearly half of the U.S. East Coast.

May 7: Colonial Pipeline pays a ransom of $4.4 million to the cybercriminals responsible for the attack. [3]

May 8: The U.S. Department of Homeland Security's Transportation Security Administration issues a new cybersecurity directive for pipeline operators, requiring them to report any cyber incidents within 12 hours. [4]

May 10: Colonial Pipeline begins to restart its pipeline system after several days of shutdown, but warns that it will take several days for fuel supplies to be fully restored in affected areas. [5]

May 11: The FBI confirms that the cybercriminal group responsible for the attack is DarkSide, a ransomware gang believed to operate out of Eastern Europe. [6]

May 12: The CEOs of Colonial Pipeline, the American Petroleum Institute, and other major energy companies testify before Congress on the cyber attack and its impact on the energy sector. [7]

May 13: President Biden signs an executive order aimed at improving U.S. cybersecurity and preventing future cyber attacks, including on critical infrastructure like pipelines.

May 14: DarkSide issues a statement indicating that it is shutting down its operations, citing pressure from law enforcement and losing access to its servers and other infrastructure. [8]

Reports emerge that Colonial Pipeline paid the ransomware gang much faster than usual, leading some experts to speculate that the company had prepared for a potential attack and had a plan in place to quickly deal with it. [9]

May 19: The Department of Justice announces that it has recovered $2.3 million of the ransom paid by Colonial Pipeline, representing a significant victory in the fight against ransomware.
Vulnerabilities

The attack highlighted several vulnerabilities in the energy sector's critical infrastructure. Several contributing factors allowed the attack to occur and escalate, including inadequate cybersecurity measures, outdated and unsupported software systems, and a lack of contingency planning.

Outdated software and systems: Colonial Pipeline was reported to be running an outdated version of Microsoft Exchange software, which had several known vulnerabilities that could be exploited by attackers.

Weak passwords and insufficient security controls: The attackers were able to gain access to Colonial Pipeline's network by exploiting weak passwords and insufficient two-factor authentication security controls.

Lack of network segmentation: Colonial Pipeline's IT infrastructure was not adequately segmented, allowing the attackers to move laterally within the network and gain access to critical systems.

Human error: According to a U.S. cybersecurity agency, the attack was initiated by a single compromised account belonging to a Colonial employee who had access to the company's virtual private network (VPN) and did not have multi-factor authentication enabled.
Costs

1. Shutting down of the largest fuel pipeline in the United States, leading to fuel shortages and price spikes in parts of the country.
2. Disruption of fuel supply to major airports on the East Coast, causing flight cancellations and delays.
3. Loss of revenue and profits for Colonial Pipeline, as well as its customers.
4. Cost of investigating and mitigating the attack, including ransom payments to the hackers who caused the incident.
5. Damage to the reputation of Colonial Pipeline and the broader energy industry.
6. Potential risks to national security and critical infrastructure, as the attack exposed vulnerabilities in the nation's energy supply chain.

Prevention

1. Regularly update and patch software and hardware systems to reduce vulnerabilities.
2. Implement multi-factor authentication for all employees and contractors accessing critical systems.
3. Limit access to sensitive systems and data to only those with a legitimate need for access.
4. Conduct regular security training and awareness programs to educate employees and contractors about the latest threats and attack methods.
5. Regularly test and assess the security of critical systems and networks to identify vulnerabilities and address them promptly.
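The entry point described in the Vulnerabilities section (one VPN account with no multi-factor authentication) and the MFA and least-privilege items in the prevention list can both be checked against VPN gateway logs and an account inventory. The Python below is an added example for this case study, not code from the study or from any Colonial Pipeline tooling; the key=value log format, the account inventory and the sample log lines are all constructed for illustration, and it extends the page's point slightly by also flagging logins from disabled or unknown accounts.

```python
import re

# Constructed account inventory (hypothetical): user -> MFA enrolled, account enabled.
ACCOUNTS = {
    "jdoe":       {"mfa": True,  "active": True},
    "legacy-vpn": {"mfa": False, "active": True},
    "svc-backup": {"mfa": False, "active": False},
}

# Constructed VPN gateway log lines in a hypothetical key=value format.
VPN_LOG = """\
2021-04-29T05:12:01Z vpn01 auth user=jdoe src=203.0.113.10 result=success mfa=otp
2021-04-29T05:13:44Z vpn01 auth user=legacy-vpn src=198.51.100.7 result=success mfa=none
2021-04-29T05:14:02Z vpn01 auth user=svc-backup src=198.51.100.7 result=success mfa=none
2021-04-29T05:15:30Z vpn01 auth user=unknown src=192.0.2.5 result=failure mfa=none
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>\S+) mfa=(?P<mfa>\S+)$"
)

def parse_line(line):
    """Return the event fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def audit_vpn_logins(log_text, accounts):
    """Return (user, src, reason) tuples for successful logins that bypassed MFA
    or used an account that should not be able to log in at all."""
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["result"] != "success":
            continue  # unparseable lines and failed attempts are out of scope here
        acct = accounts.get(ev["user"])
        if acct is None:
            findings.append((ev["user"], ev["src"], "login by account missing from inventory"))
            continue
        if not acct["active"]:
            findings.append((ev["user"], ev["src"], "login by disabled account"))
        if ev["mfa"] == "none" or not acct["mfa"]:
            findings.append((ev["user"], ev["src"], "successful login without MFA"))
    return findings

def accounts_without_mfa(accounts):
    """Preventive check: enabled accounts that can reach the VPN without MFA enrolled."""
    return sorted(u for u, a in accounts.items() if a["active"] and not a["mfa"])
```

Run against the constructed data, the audit flags the two non-MFA logins (one of them from a disabled account) and ignores the MFA-protected user and the failed attempt; the inventory check lists the one enabled account still lacking MFA.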
References

1. Palmer, Danny (2022, March 25). What is ransomware? Everything you need to know about one of the biggest menaces on the web. Retrieved from: https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggestmenaces-on-the-web/
2. Tsvetanov, Tsvetan (2021). The effect of the Colonial Pipeline shutdown on gasoline prices. Retrieved from: https://www.sciencedirect.com/science/article/abs/pii/S0165176521003992#preview-section-abstrac
3. Kerner, Sean (2022, April 26). Colonial Pipeline hack explained: Everything you need to know. Retrieved from: https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-toknow#:~:text=The%20Colonial%20Pipeline%20hack%20is,directly%20compromised%20during%20the%20attack.
4. Vishwanath, Arun (2021, May 13). The failures that led to the Colonial Pipeline ransomware attack. Retrieved from: https://edition.cnn.com/2021/05/13/opinions/colonial-pipeline-ransomware-attack-was-stoppable-vishwanath/index.html