Monday, May 17, 2021

The Colonial Pipeline Hack Continues to Unravel... and Descend into a Rabbit Hole

As a diehard tech guy, the Colonial Pipeline hack has me fascinated... which is why I keep posting about it.  Over the weekend it became known that the company had paid over 5 million in ransom to try to bring the system back up.  However, part of paying the ransom is the criminals sending you a program that performs the decryption, and in this case the ransomware gang's decryption program seemed to be poorly written, and because of that it ran very slowly.  Consequently it was taking much longer to perform the decryption than had originally been anticipated.

Something else I learned was that despite statements that the shutdown would have little effect on the eastern seaboard, there was a mad scramble behind the scenes to find trucks, trains, and ships that could bring in the fuel normally provided by the Colonial system.

Then on Friday, the website for the DarkSide gang, who perpetrated the attack, went offline.  Then rumors began to swirl that someone had broken into their crypto wallet and stolen an amount of Bitcoin equal to the ransom that was paid.  This is becoming a question inside a riddle, wrapped inside an enigma.  There are parts of this strange incident that we will probably never know.

My concern over this situation is growing.  While the hack has received moderate coverage in the press, there has been little public attention paid to the story.  Meanwhile ransomware attacks continue to increase and there seems to be very little being done about it.  Never mind the fact that the entire east coast is supplied by ONE pipeline (who allowed THAT to happen?), it's the simple fact that ransomware has become an epidemic that for some reason remains ignored by the public at large.  I'm seeing shades of the Covid-19 crisis where no one paid it any attention until suddenly *everyone* was impacted by it.

For the last couple of years now, I've been trying diligently to get healthcare facilities to up their cyber security game, but now it's not just healthcare I'm concerned about, it's our entire system.

To that end, over the weekend a discussion has worked its way to the top of the Colonial story about whether companies should be paying ransom at all.  Many experts, including someone I highly respect, Chris Krebs, are now advocating that the federal government pass a law making it illegal to pay ransom in these types of attacks.

No matter where you fall in that debate, it's easy to see that something needs to be done because this entire situation is getting completely out of control.  If you go to Google and just type in "Colonial Pipeline Hack" you'll be stunned by what you see.  The number of attacks is increasing exponentially and it's exposing just how unprepared the United States really is for a cyber event.  I'm alarmed, and hopefully I'm not alone.  If enough of us raise our voices and make our concerns known, we can stop this before it is too late.

1 comment:

  1. Unfortunately it's a money problem.
    I was stunned when one of my clients was able to get $4,000,000 in "cyber insurance" for under $2,000/mo. The insurance company didn't do any sort of auditing or due diligence. They just port-scanned all the routers and the website using Nessus and when nothing came back as having a problem, they issued the policy. They completely failed to find that they are still running ~350 Windows 7 machines, and their Managed Service Provider "solved" an Eaglesoft issue by promoting everyone to be a domain administrator. It's literally a bomb waiting to go off, and no one cares because they are "covered". Insurance will pay for lost revenue, credit monitoring for patients, etc... The situation is atrocious. It's literally cheaper for them to spend $2k/mo on insurance than it is to pony up $400,000 for new computers, techs to install them, and any sort of decent security software.