Analysts at specialist insurance broker McGill & Partners have said that the recent cyber attack on Colonial Pipeline should serve as a “wakeup call to organisations all over the world.”
Last week’s ransomware attack on the largest fuel pipeline in the US took the service offline over the weekend, causing major disruption and a sudden hike in fuel prices.
The hack is being seen by many as one of the most significant attacks ever to successfully target critical national infrastructure. The pipeline carries 2.5 million barrels a day, or roughly 45% of the East Coast’s supply of diesel, petrol and jet fuel.
It’s thought that access to the network was gained through the administrative side of Colonial’s computer system, rather than via a direct attack.
Shannan Fort, Head of Cyber at McGill and Partners, noted that Colonial is now faced with a difficult decision, and warned that many other organisations remain similarly unprepared for attacks of this nature.
“While Colonial will be working around the clock to remove this ransomware from their systems, the organisation will likely be left with two options,” Fort explained. “Either work to clear this ransomware from all their systems, a complex, costly process which could take weeks. Or pay the ransom – however with payment, there is no guarantee that the systems, including their data, will be fully restored
“While we don’t know what they’re demanding, cyber-ransoms can run into the tens of millions of dollars – and they are often paid,” she added.
The US Department of Transportation has made an emergency declaration in light of the disruption to Colonial Pipeline, given that the fuel supplier has not yet confirmed when it will be able to resume full operations.
The emergency order aims to facilitate alternative transportation routes for oil and gas to avoid further shortages and limit price increases.
According to the FBI, the agents behind the attack belong to a Russian cybercriminal organisation called DarkSide, which claims to be apolitical and was seeking to hijack and extort the Colonial Pipeline network.
“Cyber-attacks aren’t going away, cyber-criminals keep evolving and this means organisations will keep facing huge disruption unless they take real preventative and mitigative measures,” Fort continued.
“There is a clear correlation between being prepared for these sorts of attacks and having to pay ransoms. The more prepared a company, for example with detailed data back-up and continuity measures, the less likely they are to be forced into paying.”