DarkSide, Ransomware, and the Colonial Pipeline Attack: 8 Practical Ways to Lock Down Your Data

May 27, 2021

WHAT HAPPENED?

When bad actors initiated a ransomware attack on the Colonial Pipeline network earlier this month, panic-struck consumers emptied gas pumps across the Southeast. The pipeline, a critical infrastructure resource, ultimately paid attackers a $5 million ransom to get back online.

Ransomware operates by infecting a private network, then accessing and encrypting sensitive data. The affected organization must pay a fee to regain access to data or otherwise risk the attackers releasing it publicly and compromising data security.

DarkSide, a group of developers and cybercriminals, carried out the ransomware attack on the Colonial Pipeline. Those executing these types of attacks primarily use phishing to trick users into clicking links infected with the ransomware. DarkSide has publicly stated they target institutions with the ability to pay large sums of money versus less wealthy entities like schools, hospitals, and nonprofits.

Because ransomware developers have made it known they prefer to target highly profitable organizations and firms in the financial industry, your firm may be at increased risk of an attack. Here are some proactive steps you can take to decrease the possibility of a successful ransomware attack on your business:

1. Train employees on how to recognize potential phishing emails and use simulated phishing campaigns to re-enforce best practices for identifying, avoiding, and reporting phishing attempts.
2. Prevent most phishing emails from reaching employees by installing a rigorous spam filter on company email applications.
3. Always require multifactor authentication (MFA) on accounts and devices used to access sensitive information. You may want to consider using an authenticator app to further increase security.
4. Enforce a URL blocklist on your network to prevent users from reaching potentially malicious websites.
5. Install antivirus programs on company machines to conduct periodic scans of your network.
6. Restrict remote access permissions to your network, allowing access only as necessary, and require MFA to access the remote desktop.
7. Install software updates immediately when they are available. Applications and operating systems regularly patch vulnerabilities in software, stopping bad actors from exploiting user data.
8. Conduct penetration testing of publicly facing IPs that could affect your network if compromised at least annually and following any material network changes.

WHAT DOES THIS MEAN FOR ME?

When it comes to ransomware attacks, the biggest threat to your network is human error. Training employees to recognize phishing attempts and taking measures to ensure malicious emails never reach end users are two easy ways to secure your network. One wrong click could jeopardize your firm’s data security.

Because businesses in the financial industry may be more likely to be targeted by phishing, your firm should act now to prevent data compromise. Fairview Cyber can help your firm with essential cyber and data security services like phishing prevention training, network penetration testing, vendor due diligence, and more. Contact us today for more information about our services.