Insights

Ransomware-as-a-Service: Fueling the Latest Large-Scale Attack

May 17, 2021

Cyber Liability

Another week and another headline about ransomware groups shutting down a major corporation. On May 7, 2021, Colonial Pipeline Company, the largest US fuel pipeline, which provides 45% of the fuel for the East Coast, turned off the taps after an attack by ransomware group DarkSide.

gas pump car

This caused a gas shortage throughout the Northeastern United States. DarkSide hacked the company’s system, which prompted a blunt “I told you so” from Richard Glick, the chairman of the Federal Energy Regulatory Commission (FERC).

While most of the power grid has been subject to strict cybersecurity protocols for 10 years, oil, natural gas, and hazardous liquid pipeline operators were under voluntary compliance, leaving actual measures to the discretion of individual owners.

“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors,” said Glick.

Let’s go over two things to understand about this event, followed by next steps.

Ransomware-as-a-Service

Unlike the recent state-sponsored ransomware attacks, the DarkSide hacking group operates as a ransomware-as-a-service model, which means they license out their ransomware encryption technology to any group willing to pay for access to that technology.

They provide the technology, training, and best practices advice to attackers who want to extort money from companies. In return, DarkSide collects a fee and a portion of the ransom payments.

In a 21st century twist on the criminal with a conscience, DarkSide has even put out statements reinforcing their apolitical nature, expressing regret for causing a human impact, and stating their sole focus is making money, not geo-politics. It’s not personal, it’s just business. (Cue the Al Pacino voice.)

That stark admission of a sole focus on money is exactly why every company should consider themselves a target of ransomware.

Attackers will research your business for vulnerabilities and to evaluate the ROI of teaming with a hacker-for-hire, including reviewing your financial statements, business relationships, and yes, even searching whether you have a cyber insurance policy.

Difference Between IT and OT

Another takeaway is the difference between information technology (IT) and operational technology (OT).

IT is your corporate network, the place that connects the various aspects of your business functions and deals with all of the information passing throughout your company. OT is the technology that controls a physical process or operation of something tangible.

Understanding the crucial difference between these two sets of networks helps you evaluate and understand your risks—especially those in the manufacturing space. If you don’t focus on them, the hackers will.

Back to Colonial Pipeline. The company’s OT included logic controllers that regulated how much gas flowed through the physical pipeline. And this OT network is where the real damage can be done during a cyber attack—moving the losses from a financial problem to a physical, real-world problem.

To minimize the risk potential, creating firewalls between these two networks is crucial—it can prevent an attacker that gets access to your IT network from moving over to your OT network and really causing damage.

Next Steps for Your Cyber Security

As you think about this latest case, here are some next steps to consider:

  • Remember size doesn’t matter: groups like DarkSide don’t care about the size of your company, they just care that they can get in and get a ransom. Their goal is to make money.
  • Make sure your IT and OT networks have firewalls built in to prevent attackers from infiltrating one and impacting both.

For more insights like this, check out the Cyber Notebook or get more Cyber Dan insights by subscribing to our YouTube channel.

FEATURED VIDEO

CyberDan: Ransomware and the OFAC Sanction List

 

IN THE NEWS

Related Blog Posts

Was this post helpful?

See all articles by Dan Burke

All views expressed in this article are the author’s own and do not necessarily represent the position of Woodruff-Sawyer & Co.

Dan Burke

Senior Vice President, National Cyber Practice Leader

Editor, Cyber Liability

As National Cyber Practice Leader, Dan drives the strategy to grow our cyber business, such as developing tools to help clients and prospects understand and quantify their cyber exposures, as well as thought leadership. He frequently speaks at industry conferences and has been quoted in various trade magazines and newsletters, including The Wall Street Journal.

415.402.6514

LinkedIn

Dan Burke

Senior Vice President, National Cyber Practice Leader

Editor, Cyber Liability

As National Cyber Practice Leader, Dan drives the strategy to grow our cyber business, such as developing tools to help clients and prospects understand and quantify their cyber exposures, as well as thought leadership. He frequently speaks at industry conferences and has been quoted in various trade magazines and newsletters, including The Wall Street Journal.

415.402.6514

LinkedIn