Oldsmar water facility and Colonial Pipeline attacks demonstrate why the world needs Anti-Ransomware Day.

US$4 billion in losses, an estimated payday of US$386,000, and over 150 countries hit – to date, WannaCry remains one of the largest ransomware epidemics in history, despite having peaked four years ago

May 12 has been dubbed Anti-Ransomware Day by INTERPOL last year – on WannaCry’s anniversary – to remind organizations to back up their data and adopt relevant security protections.

Meanwhile, leading US fuel pipeline operator Colonial Pipeline continued work to recover from a ransomware cyber-attack that forced it to shut down on 7 May 2021, and sparked worries of a spike in retail petrol prices.

The company said it was the victim of a cybersecurity attack involving ransomware – attacks that encrypt computer systems and seek to extract payments from operators.

This most recent ransomware attack on the biggest fuel pipeline in the US that disrupted half of fuel supplies of the east coast of the US is testament to the increasingly detrimental threat landscape.

Anti-Ransomware Day is a timely reminder of the need to shore up defenses against ransomware attacks.

Senior Threat Analyst at VMware, Taree Reardon, shares her thoughts on the state of ransomware awareness and protection today: “The most important takeaway for organizations on Anti-Ransomware Day is the awareness and prioritization of patch management.”

Four years ago, when WannaCry hit, there was a patch available that would have protected organizations – but it was not widely implemented. “Whether it was lack of resources or awareness, or simply turning a blind eye to a major threat, a lesson was learned that still rings true today: patches need to be applied in a reasonable amount of time.”

Reardon concludes: “As cyber-attacks become more ubiquitous, severe and complex, no business is safe from becoming a victim. Organizations must put the correct security measures into place before it’s too late.”

Sheena Chin, Managing Director, ASEAN, Cohesity concurs: “The right way is to be on the front foot and build your lines of defence and recovery before you’re targeted. Limiting the damage caused and working on getting users and services back online is your end goal.” 

“The Colonial Pipeline ransomware attack is the latest example of the serious danger posed to businesses by the increasing number of cyber-attacks,” comments Chin. “While we do not know the ins and outs of this latest cyber-attack, what we do know is that no organization is truly safe from ransomware.”

However, she adds, organizations can take several measures to ensure their security level and data management hygiene is above average: “The first tactic all businesses should adopt is the 3-2-1 rule.”

This rule states that organizations must:

  • Have at least three copies of their data,
  • Store the copies on two different types of media
  • Keep one backup copy offline or offsite

“This approach means there will always be an available and usable backup of the company’s data and systems, even when backups are targeted by attacks – which they often are. That last point regarding offsite or offline backups is critical, as it mitigates the effects of ransomware, and when combined with the right multi-layered security and employee cybersecurity training, will help limit the potential for damage and boost your chances of recovery.”

“Ransomware is not going away,” Chin warns. “If organizations automatically defer to paying the ransom knowing they can fall back on insurance, this could prompt more and more bad actors to engage in ransomware attacks, as it becomes a guaranteed payout – not the desired outcome.”

Grant Geyer, Chief Product Officer, Claroty, adds a warning voice from the US: “Unfortunately, the cyber-attack against Colonial Pipeline is only a teaser of the future of cyber-attacks. As cybercriminals and foreign adversaries seek opportunities for financial gain and power projection, our national critical infrastructure is an easy target.”

In today’s industrial environments, operational technology (OT) infrastructure typically includes obsolete technology that can’t be patched, and staffed with people that are not as cyber-savvy as they need to be to keep attackers at bay. “This leads to a situation where cybersecurity risk levels are below acceptable tolerances, and in some cases, organizations are blind to the risk.”

Geyer adds: “One additional risk factor of pipelines is that they are highly distributed environments, and the tools that are used to enable asset operators [with] remote connectivity are optimized for easy access and not for security. This provides attackers opportunities to sneak through cyber defenses as we saw in the water utility attack in Oldsmar, Florida earlier this year.”

“Among critical infrastructure sectors, energy is especially at risk. Our researchers have found that the energy sector is one of the most highly impacted by industrial control system (ICS) vulnerabilities, and it experienced a 74% increase in ICS vulnerabilities disclosed during the second half (2H) of 2020 compared to 2H 2018.” 

He concludes: “Improving the nation’s critical infrastructure is going to require a public-private sector partnership, given the current gaps and potential risk to the US supply chain and national security.”