Ransomware is a growing threat to businesses of all types, with potentially crippling implications when essential infrastructure and services are targeted.
Last Friday, the 5,500-mile Colonial Pipeline was shut down by its operators after being hit with a cyberattack. The attack targeted a pipeline that carries 45% of the gasoline and diesel fuel from Gulf Coast refineries to the New York metro area. The operators of the pipeline learned that it was the victim of the attack and “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.” Colonial is the main source of gasoline, diesel, and jet fuel for the U.S. East Coast, with a capacity of about 2.5 million barrels a day on its system from Houston as far as North Carolina and another 900,000 barrels a day to New York.
The Colonial Pipeline route along the U.S. eastern seaboard. Source: Colonial Pipeline
The Ransomware Threat
Ransomware is one of the most insidious threats faced by any organization, with particular risks for businesses and other operations that depend on access to critical data and connectivity. Ransomware attacks are what they sound like: typically, an attacker restricts access to data and/or systems (usually by encrypting them) and threatens that the data or systems will be permanently destroyed, disabled, or published if a ransom is not paid. Ransomware is a global threat that targets individuals and organizations of all sizes.
According to various sources, an Eastern Europe-based criminal gang known as DarkSide may be responsible for the attack on the Colonial Pipeline, in which large amounts of data were reportedly exfiltrated from the company's systems and held hostage pending payment of a ransom. The company's response has been to take the pipeline offline and bring up backup systems in an effort to restore its assets and operations. The challenge for Colonial is that there are thousands of sensors and control points along the pipeline critical to its operations, and the software that collects and monitors their data must be confirmed secure and operational before the pipeline can safely return to service.
The ransomware threat is growing. A recent study by Sophos found that 37% of respondents' organizations were hit by ransomware in the last year, and that in 54% of those attacks the attackers succeeded in encrypting the organization's data. While the average ransom paid by mid-sized organizations was $170,000, the average total bill for rectifying a ransomware attack, including downtime, recovery, and lost business, was $1.85 million, roughly ten times the ransom itself.
According to Sophos, retail and education reported the most attacks, but businesses across industries reported being targeted by ransomware.
Source: Sophos State of Ransomware Survey 2021
In a blog post, cybersecurity firm Cybereason said that the DarkSide group believed to be responsible for the Colonial attack follows the "double extortion" trend in ransomware: the attackers not only encrypt the victim's data but also exfiltrate it beforehand and threaten to publish it if the ransom is not paid. Double extortion matters for defenders because good backups alone no longer neutralize the attacker's leverage; preventing the data from leaving the network in the first place becomes just as important as being able to restore it.
With the proliferation of devices at the edge and across physical infrastructure, organizations face unique challenges in securing operational systems that were originally designed to have no connectivity with outside systems. For critical industries, the risks are heightened given the essential role they play in the economy. In 2016, a cybersecurity unit of the Department of Homeland Security disclosed that it had worked to identify and mitigate 186 vulnerabilities throughout the energy sector, the most of any critical infrastructure industry that year. In 2018, federal officials warned that hackers working for Russia had infiltrated the control rooms of U.S. electric utilities. The challenge with cybersecurity incidents in operational systems is one of recovery time: resolution of a typical IT security incident takes a few days, while attacks on control systems can take weeks to resolve because of the age and complexity of those technologies, the limited pool of people who understand them, and their proximity to core physical operations, where a mistake during recovery can cause real-world harm.
Ransomware attacks are not new, but they are increasing in severity and effectiveness, and businesses need to take additional precautions: back up their data (and keep copies offline, where the attacker cannot reach them), secure access to systems, and ensure there are procedures in place to deal with any potential cyber-attack. One approach is to ensure that an appropriate reference model is applied to the logical architecture of the IT systems that connect to operational systems, so that corporate networks never have a direct path to controllers and every IT-to-OT flow passes through a defined, monitored boundary. Many industrial cyber-attacks (such as the famous Stuxnet worm that targeted Iranian nuclear centrifuges) succeed by compromising outdated Windows systems that are connected to controllers. There has also been active venture capital investment in the Industrial IoT cybersecurity sector, which is likely to remain in high demand among organizations battling the technologically enhanced but human-created threat of ransomware.
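To make the "reference model applied to the logical architecture" point concrete, here is an added example (not from the original post, and not code from Colonial Pipeline or Momenta) showing how a zoned IT/OT boundary can be checked mechanically. It assumes a hypothetical three-zone layout (an enterprise network, a DMZ holding a data historian, and the control network), an allowlist of permitted cross-zone flows, and a handful of constructed flow records; the IP ranges, zone names, and flows are all assumptions made for the example. The one fact it leans on is that Modbus/TCP uses port 502.

```python
"""Zone-based flow check for an IT/OT boundary.

Added example, not from the original post. The zone layout, the allow rules and
the flow records below are all constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Set, Tuple

# Hypothetical zones (assumption): enterprise IT, a DMZ with the historian,
# and the control network where the PLCs live.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("192.168.100.0/24"),
}

# Permitted (src_zone, dst_zone, dst_port) triples; anything else crossing a
# zone boundary is denied. Enterprise may only reach the historian in the DMZ
# over HTTPS, and only the DMZ may poll the control network over Modbus/TCP
# (port 502). There is deliberately no enterprise -> control rule at all.
ALLOWED: Set[Tuple[str, str, int]] = {
    ("enterprise", "dmz", 443),
    ("dmz", "control", 502),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone name, or 'unknown' if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flow(line: str) -> Tuple[str, str, int]:
    """Parse a constructed flow record of the form '<src_ip> <dst_ip> <dst_port>'."""
    src, dst, port = line.split()
    return src, dst, int(port)


def check_flows(lines: List[str]) -> List[str]:
    """Return one description per flow that crosses a zone boundary without a
    matching allow rule. Flows that stay inside a single zone are not judged."""
    violations: List[str] = []
    for line in lines:
        src, dst, port = parse_flow(line)
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue
        if (src_zone, dst_zone, port) not in ALLOWED:
            violations.append(f"{src_zone}->{dst_zone}:{port} {src} -> {dst}")
    return violations


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    "10.10.5.23 10.20.0.10 443",        # workstation -> DMZ historian: allowed
    "10.20.0.10 192.168.100.7 502",     # historian -> PLC over Modbus: allowed
    "10.10.5.23 192.168.100.7 502",     # workstation straight to a PLC: violation
    "10.10.5.23 192.168.100.50 3389",   # RDP from IT into the control network: violation
    "192.168.100.7 192.168.100.8 502",  # PLC to PLC inside the control zone: not judged
]

if __name__ == "__main__":
    for v in check_flows(SAMPLE_FLOWS):
        print("DENY", v)
```

The same allowlist can be expressed as firewall rules at the zone boundary; running it as a check over exported flow logs is a cheap way to find out whether the architecture that exists on paper is the one actually carrying traffic, which is exactly where an outdated Windows host with a direct path to a controller tends to show up.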
Momenta is the leading Digital Industry venture capital firm accelerating digital innovators across energy, manufacturing, smart spaces, and supply chain. Led by deep industry operators across its venture capital, strategic advisory, and executive search practices, Momenta has made over 50 investments with notable exits to SAP, PTC, and Husqvarna Group. For more information, visit http://www.momenta.one, join the @MomentaPartners conversation or contact info@momenta.one.