As Colonial Pipeline continues to ramp up operations on the largest US pipeline network a week after a ransomware attack prompted it to shut down the line, it remains to be seen what the ultimate impact of the cyberattack on the company will be.
The pipeline stretches 8,850 kilometers from Gulf Coast refineries to consumers in mid-Atlantic and Southeast states. Its shutdown earlier this month halted 2.5 million barrels per day of shipments of gasoline, triggering higher gas prices, fuel shortages and panic buying all along the US Southeast and Eastern seaboard. And while operations have since resumed, it could still take several more days for the fuel delivery supply chain to return to normal.
As reports continue to come in about the real costs of this attack – including the roughly US$5 million in ransom in untraceable cryptocurrency the company reportedly paid to Eastern European hackers for access to a decrypting tool to restore its disabled computer network – what is known is that the attack wasn’t unique, nor is it likely to be the last of its kind.
“Unfortunately, it’s very normal for these types of things to happen,” said Shawn Ram, head of insurance at Coalition, a provider of cyber insurance and security solutions to help businesses manage and mitigate cyber risk. “The manner in which the adversaries accessed the company, or the nature of the ransomware attack, is not particularly unique.”
Steve Robinson is national cyber practice leader at Risk Placement Services, one of the nation’s largest specialty insurance product distributors. Earlier this year, he authored a white paper that supports Ram’s belief that ransomware attacks are becoming more commonplace, with perpetrators of the crime targeting larger entities.
“Ransomware has evolved from the early days of ‘spray and pray’ email designed to distribute malware indiscriminately to thousands of would-be victims, hoping that a few would click the link and pay hundreds of dollars each,” he said, citing studies that showed a 200% increase in the size of ransom demands and payments in the first half of 2020 compared to the first half of 2019.
Along with ransomware attacks becoming more frequent and involving higher stakes, Robinson noted ransomware attacks have “evolved” beyond the exchange of bitcoin for decryption keys “to include more traditional extortion methods to prevent the release of private information, corporate secrets or incriminating evidence.”
So far, the Colonial Pipeline incident appears to be a more traditional ransomware attack, with the organization locked out of its own system by perpetrators demanding money in exchange for access to its systems. But while the attack may not rank high in uniqueness, it generated headlines because of the pipeline’s status as a critical part of the nation’s infrastructure.
“There’s a belief in the cyber insurance and cyber security community that critical companies, entities that are involved with critical infrastructure have, for lack of a better term, a higher standard of care around cyber security and cyber risk management,” Ram said.
“We would expect critical infrastructure to apply and execute strong security procedures – to have a strong operating discipline around the manner in which they protect their entity because of the impact it (an attack) would have on the economy.”
As Colonial, its insurers and other affected entities tally up the real costs of the attack, Ram suggested that there’s at least one silver lining in all this, in the form of heightened public awareness about what might be at stake when the next cyberattack strikes.
“What my hope is, is that people will say, ‘Hey, this is real and cyber security matters.’ More importantly, cyber risk management matters,” he said. “There’s a greater propensity for improving cyber security and cyber risk management as a result of breaches such as this.”