On May 6, 2021, hackers from the cybergang DarkSide gained access to Colonial Pipeline's network and proceeded to steal 100 gigabytes (GB) worth of data before holding it ransom for 75 bitcoin — almost $5 million.
To give context, 100 GB of information can hold approximately 59,500 pictures, 1,600 hours of music, or 700 hours of video content. That's a lot of information.
On May 7, 2021, Colonial Pipeline paid the ransom and shut down all pipeline operations along with some IT systems to minimize the spread of the threat. It wasn't until five days later, on May 12, that pipeline operations were finally restored. Over these five days, panic spread through the Southeastern U.S. as countless people rushed to gas stations to fill whatever containers they could find, and the federal government declared a state of emergency.
How did this nationwide panic begin? DarkSide was able to access one of Colonial Pipeline's older VPN networks secured by just one password.
What is ransomware?
Ransomware does what its name suggests. It is malware that infects your computer and encrypts your files so you can't access them. When you try to access the encrypted files, a screen notifying you of the encryption pops up and demands you pay a ransom to the hacker to regain access. If this happens to you, the most important thing to remember is the following: Do not pay the ransom. There are no guarantees the hacker will return your access.
How does ransomware infect my network?
By using social engineering, hackers can gain access to your information in a couple of different ways.
- Phishing: emails, phone calls, or text messages from someone posing as a legitimate organization with the goal of convincing individuals to provide sensitive information.
- Data Exfiltration: unapproved transfer of information from one computing device to another. This is not limited to computers. Data exfiltration can occur via smartphone, tablet, or computer.
How do I protect against ransomware?
Unfortunately, there isn't a big, easy way to protect yourself completely against ransomware. Life would be much easier if there were. The best way to defend yourself against ransomware attacks is by practicing the following "Do's and Don'ts" of cybersecurity.
What do I do if I am a ransomware victim?
The most important thing to remember if you are the subject of a ransomware attack is this: Do not pay the ransom. In the event of a ransomware attack, take the following steps:
- Isolate the infection. Remove your computer from any networks, shared storage, and other computers it may be connected to. This will help limit the spread of malware.
- Identify the infection as best you can. Check out this free ransomware strain identification website, called ID Ransomware. ID Ransomware currently detects 1,004 different strains of ransomware, and that number is continuously growing.
- Report the ransomware attack to the authorities. You can find a list of helpful reporting resources for different countries here. In your report, be sure to provide as much information as possible.
- Determine your options. Ultimately, you have a few options. You can pay the ransom, even though it is not recommended. You can work with a professional and attempt to remove the malware and then selectively restore your system. Or you can wipe everything and start from scratch.
Is ransomware covered by insurance?
Ransomware attacks may be covered by cyber privacy insurance policies, but every policy varies. A cyber liability insurance policy may cover the following:
- Ransom money: If you choose to pay the ransom, make sure to notify your insurer beforehand. If you don't, the ransom payment may not be covered.
- Repair Costs: the cost to restore, update, and/or replace hardware, software, or data assets damaged through cybercrime or by an unintentional loss or release of data.
- Computer forensics experts: these professionals can help you determine how a hacker gained access to your network and may help guide you through strengthening your cyber defenses.
- Reputation management: protection from liability related to slander, libel, copyright claims, and other harm to your reputation resulting from activity on a business website or in social media.