Lessons Learned from an Oil Pipeline Ransomware Attack



Your business may not be supplying oil to the United States, and you may not even be in the critical infrastructure business, but don’t think that means ransomware can’t happen to you, too. This article shares lessons learned from a headline-grabbing event, and they're applicable to businesses of all sizes in all industries.


First, what happened? The May 2021 ransomware attack crippled a 5500-mile gasoline pipeline. The Colonial Pipeline serves up nearly half of the gasoline used by the East Coast of the United States. The attack, thought to be the largest ever on US oil infrastructure, encrypted almost 100 gigabytes of data. Russian hacker group DarkSide took the systems hostage, demanding an undisclosed ransom. The pipeline was offline for days, and the disruption plagued the country for weeks.


The lesson learned? Businesses cannot underestimate the importance of being proactive about preventing cybercriminal attacks. The Colonial Pipeline attack originated in Russia and targeted the US, but the motive was financial. The majority of cyberattacks come down to money. That means your business could be at risk, too.


Lesson #1: Educate employees


Avoid falling victim to a devastating ransomware attack by educating employees about cybersecurity. Train your employees to recognize phishing emails and other scams, teach them the importance of strong passwords, help them understand the potential dangers of using unsecured wireless networks or unencrypted devices, and prevent them from downloading unsanctioned apps onto work computers.


Lesson #2: Use firewalls and email filtering


Configure firewalls to protect your network and block access from malicious IP addresses. Geo-fencing can reduce traffic from foreign actors in known cybercrime hubs.


Additionally, set up advanced spam filters. These help identify and stop phishing emails before they even get to your employees.


Lesson #3: Limit access


You’re thinking you’re doing that already with firewalls and filtering, but this refers to limiting access for the people who work for you. Configure credentials so that employees can access only what's needed to do their job. Limiting administrative access makes it more difficult for bad actors to do damage.


Also, scope permissions to the task, not just the person. One employee may need to read certain files but have no need to edit them. Configure the file and directory access accordingly.
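One way to check that the "read but not edit" rule from Lesson #3 actually holds on a file share is to audit the permission bits and strip any write access that was not intended. The script below is an added example, not from the original article; it builds a constructed sample tree in a temporary directory (the paths, modes and the `editable` allow-list are assumptions for the demo), flags files that are group- or world-writable outside an explicitly editable folder, and then removes those write bits.

```python
import stat
import tempfile
from pathlib import Path

# Bits that grant write access to anyone other than the file owner.
GROUP_WRITE = stat.S_IWGRP
WORLD_WRITE = stat.S_IWOTH


def audit_tree(root, editable=()):
    """Return (relative path, finding) pairs for files under root that can be
    edited by the group or by everyone. `editable` lists relative directories
    (e.g. a shared drafts folder) where group write access is intended."""
    root = Path(root).resolve()
    editable_dirs = [(root / e).resolve() for e in editable]
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        mode = path.stat().st_mode
        rel = str(path.relative_to(root))
        in_editable = any(d in path.parents for d in editable_dirs)
        if mode & WORLD_WRITE:
            findings.append((rel, "world-writable"))
        elif mode & GROUP_WRITE and not in_editable:
            findings.append((rel, "group-writable outside an editable directory"))
    return findings


def enforce_read_only(root, editable=()):
    """Strip group/world write bits from every flagged file; return count changed."""
    root, changed = Path(root), 0
    for rel, _ in audit_tree(root, editable):
        path = root / rel
        path.chmod(stat.S_IMODE(path.stat().st_mode) & ~(GROUP_WRITE | WORLD_WRITE))
        changed += 1
    return changed


def demo():
    """Create a constructed sample tree, audit it, fix it, and re-audit."""
    base = Path(tempfile.mkdtemp())
    sample = {
        "reports/q1.pdf": 0o640,            # owner edits, group reads: intended
        "reports/q2.pdf": 0o660,            # group can edit: not intended
        "reports/drafts/notes.txt": 0o660,  # drafts folder is meant to be editable
        "config/db.ini": 0o666,             # anyone can edit: worst case
    }
    for rel, mode in sample.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample\n")
        path.chmod(mode)
    editable = ("reports/drafts",)
    before = audit_tree(base, editable)
    fixed = enforce_read_only(base, editable)
    return before, fixed, audit_tree(base, editable)


if __name__ == "__main__":
    before, fixed, after = demo()
    for rel, finding in before:
        print(f"{rel}: {finding}")
    print(f"fixed {fixed} file(s); remaining findings: {after}")
```

Run it against a real share with `audit_tree("/path/to/share", editable=(...))` first and review the findings before calling `enforce_read_only`, since the allow-list is what encodes your intended policy.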


Lesson #4: Monitor and patch


Even if you’re not online at all hours of the day, you should be monitoring IT