Is Your Ransomware Mistake Worth $5 Million?
Related To: Electronic Design
If you have a non-electric car, then you’re aware that the cost of gasoline has been going up due to the shutdown of the Colonial Pipeline caused by a ransomware attack perpetrated by a criminal organization called DarkSide. We may not know the details of what went wrong. However, it’s easy to guess what happened.
It’s one thing to take over a single PC, but an attack like the one on the Colonial Pipeline is different, and not just because of its magnitude. For a single PC, the attack can arrive as a malicious file or email attachment. It’s also possible to attack a PC attached to the internet remotely through bugs in network-facing software.
An attack on a larger network like the one controlling the pipeline usually starts with a single compromised PC, which the attacker then uses as a foothold into the rest of the environment. Ransomware on a standalone PC will likely announce itself to the user almost immediately. An attacker working through a larger system, however, will likely remain under the security radar for a long time, perhaps months. That dwell time allows them to map the system and plant additional ways back in so that they can return even if any one of those entry points, including the original one, is closed.
Once an attacker is inside, the question becomes how restricted they are and which systems they still need to compromise. One likely target in a pipeline is the supervisory control and data acquisition (SCADA) equipment commonly used in this type of environment. SCADA hosts should never be directly reachable from the internet, but simply keeping them behind a perimeter firewall is insufficient if other computers on the same LAN are compromised: the firewall never sees traffic between neighbors on a flat network.
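To make the segmentation point concrete, the following nftables ruleset is an added illustration and not part of the original article or any Colonial Pipeline configuration. It assumes a hypothetical gateway with three interfaces (eth0 internet uplink, eth1 office LAN, eth2 SCADA/OT segment) and hypothetical addresses, and contrasts the weak "perimeter firewall only" layout the paragraph warns about with a layout that puts the controllers on their own segment and allowlists who may reach them.

```nft
#!/usr/sbin/nft -f
# Added example, not from the article. Interfaces, addresses and ports are hypothetical.
#
# WEAK LAYOUT (what the article warns about): office PCs and SCADA hosts share
# one LAN behind eth1. The only control is a perimeter rule such as
#     iifname "eth0" ip daddr 10.10.30.0/24 drop
# That blocks the internet, but a compromised office PC on the same LAN talks
# to the controllers directly and the firewall never sees the traffic.
#
# HARDENED LAYOUT (below): SCADA hosts live on their own segment (eth2). Every
# packet between segments must cross this gateway, which drops by default and
# admits only named engineering workstations to named hosts on named ports.

flush ruleset

table inet ot_segmentation {
    set eng_workstations {
        type ipv4_addr
        elements = { 10.10.20.11, 10.10.20.12 }   # hypothetical engineering/jump hosts
    }

    set scada_hosts {
        type ipv4_addr
        flags interval
        elements = { 10.10.30.0/24 }              # hypothetical OT segment
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Allow return traffic for sessions this gateway has already admitted.
        ct state established,related accept
        ct state invalid drop

        # Nothing from the internet uplink ever reaches the OT segment.
        iifname "eth0" oifname "eth2" counter drop

        # Office -> OT: only engineering workstations, only Modbus/TCP (502) and SSH (22).
        iifname "eth1" oifname "eth2" ip saddr @eng_workstations ip daddr @scada_hosts \
            tcp dport { 502, 22 } ct state new accept

        # OT segment never initiates outbound connections; a controller calling
        # out to the office LAN or the internet is a compromise indicator.
        iifname "eth2" oifname { "eth0", "eth1" } counter drop

        # Anything else that tries to start a session is logged, then hits the drop policy.
        ct state new log prefix "ot-seg-drop " counter
    }
}
```

The design choice is that the office LAN is treated as already-compromised territory: an attacker who owns an arbitrary PC there still cannot reach the controllers unless they first take over one of the two allowlisted workstations, and the log line from the final rule gives defenders a chance to notice the attempt during the long dwell time the article describes.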
Likewise, paying a ransom may not get the results promised. Colonial Pipeline’s recovery combined restoring from backups with using information provided by DarkSide after the ransom was paid. The latter took longer to put to use, because restoration from it was far from instantaneous.
Unfortunately, our critical infrastructure includes far more than one pipeline, and the protections on much of that infrastructure are on par with Colonial Pipeline’s. Many operators have been prompted to make changes, but we don’t know how many will follow through, or how effective those efforts will be in preventing such attacks.