I’ve started to notice an unfortunate rhythm to the news flow over the course of any given week in 2021: there is usually some sort of report that an entity was hit by a ransomware attack.
If we go back in our minds a few years, ransomware seemed far more “exotic.” It existed, but many people and many companies had logical reasons to believe it was far removed from their operations.
In 2021, it’s become clear that ransomware can impact any business at any time.
Colonial Pipeline: Ransomware Crosses the Rubicon
We may look back on 2021 and view the Colonial Pipeline attack as the moment that galvanized a coherent U.S. policy and enforcement response to ransomware.
As of this writing, this was the largest single impact on the U.S. energy system that we’ve seen from a cyberattack, with officials noting that the consequences have a similar feel to a severe hurricane or weather event that causes physical damage¹.
To recap: The Colonial Pipeline is roughly 5,500 miles long and is the largest refined products pipeline in the U.S., supporting about 45% of East Coast fuel consumption. It runs from the Houston, Texas, area on the Gulf Coast up to the New York metro area.
The actual ransomware attack hit Colonial’s information technology systems, but as a precautionary measure the firm shut down its operational technology systems because it was uncertain in the early hours how deeply the attack could spread².
Today, most ransomware attacks, even those that hit industrial targets, impact information technology systems rather than operational technology systems. Ransomware experts are seeing an uptick in the targeting of industrial control systems, but a critical point is that many such targets do not have high connectivity between information technology and operational control. It is not always a simple matter for malware to jump from the IT side to the operational side.
DarkSide: Victim of the Publicity Paradox
Within the ransomware world, anonymity is one of the most-prized assets.
DarkSide, widely viewed as producing the specific malware used in the Colonial Pipeline attack, views ransomware as a business. Cybereason estimates that its malware has been used to…