Colonial Pipeline Reopens After 1000 Bitcoin Payout
Colonial Pipeline Caves to Hijackers
Colonial Pipeline is paying the price for bad backups and idiot employees. Ransomware is not a hack; it is someone opening an email or, more likely, a file. Once the file is opened, the program does the rest. So let’s look at what we know about the Colonial Pipeline idiocy.
Who is Colonial Pipeline
Colonial Pipeline supplies oil and gas to most of the east coast. It supplies 45% of fuel, jet fuel included, over its 5,500-mile network. It is a huge enterprise with huge budgets, providing a big piece of US infrastructure. Yet here they failed at the most primitive, easily obtained means of protection: a good backup. One would think they had the standard daily, weekly, and monthly backups so they could get back to normal under any circumstance. They did not. Their miserable IT department collected vast sums of money for their payrolls and provided nothing in return except to keep computers running. How in the world can the corporation that claims to be “Americans Energy Lifeline” be so irresponsible?
Where is your backup?
A huge error was running the systems with any public Internet access; they should have been on their own closed network. Perhaps that would have taken a bit of budget they did not want to spend, since investors come first, not customers or a functioning business.
Ransomware demands bitcoin, not dollars
While many news outlets report only that $5 million was passed, it actually was not. No ransomware asks for dollars; it wants bitcoin, something outside the very system they bypassed. These same news outlets first tried to foist responsibility on Russia because the ransomware was in that language. They now know that the initial message came from Ukraine, not Russia, and that an employee opened an attachment which installed the software that eventually took down the most important fuel transport system in the USA.
Lessons for major corporations
The most important lesson to learn is to do the proper backups: keep daily, weekly and monthly backups as well as incremental backups. Deploying your own networks rather than using the public network is important too. Educating your staff about the issues might help, as might hiring people who can actually do the job in the first place. It is often the case that top executives are the ones who open these kinds of messages that destroy a business.
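The daily, weekly and monthly scheme above, as an added example that is not part of the original article: it picks which backups each tier keeps and shows why the older tiers matter when the infection predates every daily copy. The retention counts, function names, backup dates and infection date are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Assumed retention counts per tier (illustrative, not from the article).
RETENTION = {"daily": 7, "weekly": 4, "monthly": 12}
# Constructed sample: one backup per day for 120 days ending 2024-06-30.
SAMPLE_BACKUPS = [date(2024, 6, 30) - timedelta(days=i) for i in range(120)]

def select_restore_points(backup_dates, retention=RETENTION):
    """Return {date: tier} for the backups a daily/weekly/monthly scheme keeps."""
    newest_first = sorted(set(backup_dates), reverse=True)
    # Daily tier: the N most recent backups.
    kept = {d: "daily" for d in newest_first[:retention["daily"]]}
    # Weekly tier: newest backup of each ISO week; monthly: newest of each month.
    bucket_key = {
        "weekly": lambda d: tuple(d.isocalendar())[:2],
        "monthly": lambda d: (d.year, d.month),
    }
    for tier, key in bucket_key.items():
        seen = []
        for d in newest_first:
            k = key(d)
            if k in seen:
                continue          # a newer backup already represents this bucket
            if len(seen) == retention[tier]:
                break             # tier is full, everything older is out of scope
            seen.append(k)
            kept.setdefault(d, tier)  # keep the label of the finer tier if present
    return kept

def prunable(backup_dates, kept):
    """Backups that no tier needs and that can be deleted."""
    return sorted(set(backup_dates) - set(kept))

def last_clean_restore_point(kept, infected_on):
    """Newest kept backup taken strictly before the infection date, or None."""
    clean = [d for d in kept if d < infected_on]
    return max(clean) if clean else None

if __name__ == "__main__":
    infected_on = date(2024, 6, 5)  # constructed: malware present weeks before detection
    full = select_restore_points(SAMPLE_BACKUPS)
    daily_only = select_restore_points(
        SAMPLE_BACKUPS, {"daily": 7, "weekly": 0, "monthly": 0})
    print("kept:", len(full), "prunable:", len(prunable(SAMPLE_BACKUPS, full)))
    print("clean restore point, all tiers:", last_clean_restore_point(full, infected_on))
    print("clean restore point, daily only:", last_clean_restore_point(daily_only, infected_on))
```

With daily copies alone, every retained backup in this sample was taken after the infection date, so only the monthly tier still holds a copy from before it.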
Never pay ransom
The second lesson is to never pay a ransom. Fewer than 20 percent of those who pay get their data back, and even if they do, it is always open to attack through the hidden back doors already in place. Paying ransom encourages others to take the chance, and using bitcoin they will never be caught. Colonial Pipeline has opened the door for more ransomware on bigger corporations. The problem is there will always be an idiot who opens a file that will quickly make hackers rich.