Why You Need to Pay Attention to the Colonial Pipeline Ransomware Attack

1. Ransomware has continued to get more sophisticated and more costly; and

2. Even large companies aren’t properly prepared with the basics of good cybersecurity practices.In the case of both attacks, the companies paid the ransom to attackers to get operations back up and running. Colonial Pipeline paid $4.4 million and JBS paid $11 million. When victims pay the ransom, it just lets the hackers know they have a good business model, and they continue to optimize their attacks to increase profits. 56% of ransomware victims pay the ransom to the attacker. Small and mid-sized companies need to take notice of the dangers of ransomware and properly prepare their network and devices to avoid a devastating attack.

Ransomware Lessons to Use for Strengthening Your IT Security Posture

Ransomware Continues to Get WorseRansomware is eclipsing other forms of malware because it’s so lucrative for criminals. It’s been adopted by large state-sponsored hacking groups like REvil as a way to generate large sums of money. Groups like this have also begun selling Ransomware as a Service (RaaS), a model copied from cloud SaaS tools. This means that even smaller, less experienced hackers can purchase a ransomware attack kit or service. The monetization of this type of malware has been one of the reasons that ransomware attacks grew 485% in 2020. 

Ransomware is Particularly DevastatingSome forms of malware, like adware, can be annoying and hurt productivity, but they don’t bring your operations to a standstill. Ransomware is particularly devastating because in most cases it causes operations of a business to shut down completely. In the case of JBS, nine meat-producing factories had to be shut down for nearly a week. Colonial Pipeline had to shut down its pipeline that supplies 45% of the fuel used by the U.S. East Coast for six days. Ransomware attacks files and spreads rapidly throughout a network. It uses an encryption key to scramble files so users can’t access them. This impacts all digital areas of a company that rely on data to operate. Because of the cost of downtime, companies will end up caving and paying the ransom to get operations running again. In both of these high-profile attacks, the companies defended their decision to pay the ransom saying they had a responsibility to customers to get operations up as soon as possible.

Ransomware Costs Keep Going UpBoth the cost of the ransom demands and the cost to a company to remediate a ransomware attack has been rising rapidly. This is another indicator that this type of attack has been a particularly successful money-maker for the attackers, thus they push the envelope, asking for even higher ransom amounts. Ransomware remediation costs include things like:

1. Emergency costs to remove the ransomware

2. Backup restoration costs

3. Lost business

4. Productivity losses

5. Downtime costs

6. Ongoing rebuilding of reputationOver the last 12 months, the remediation costs for ransomware have more than doubled from $761,106 in 2020 to $1.85 million in 2021. Small businesses that don’t take ransomware seriously or think they’re “too small” to be attacked, can end up with an attack that costs more than they can recover from. 60% of small businesses have to close their doors for good within 6 months of a cyberattack because they’re unprepared.

Companies Are At Risk from Simple Lack of Basic Cybersecurity HygieneA simple lack of best practices is at the heart of many of these ransomware attacks. In the case of Colonial Pipeline, the attacker got in through an unused VPN account that hadn’t been deactivated and was not protected with multi-factor authentication. Multi-factor authentication is one of the strongest deterrents for password compromise and account breaches. According to Microsoft, it can stop 99.9% of those types of attacks. Another basic of cybersecurity hygiene that companies seem to be lacking is the combination of a backup and recovery system and incident response drills. Many companies that pay a ransom actually have a backup. But they hadn’t paid attention to the recovery process of that backup method, and it ends up being long and complicated. So, they end up paying the ransom because they see that as a faster path for returning to operations. It's vital to work with an IT provider to put a smart managed backup strategy in place. One that includes a full image backup and function that can quickly recover data to systems. The restoration process also needs to be tested a few times a year in incident response drills, so everyone knows what to do in case of an attack.

Schedule a Ransomware Preparedness Audit TodayTexas I.T. Pros can help your Denton or Wise County business review your current preparedness to combat ransomware and help you put a protection strategy in place. Contact us today to learn more! Call 940-239-6500 or reach out online.