New Developments in the Colonial Pipeline Attack Provide Businesses Good News – And Some Important Lessons

Woods Rogers Vandeventer Black

It has been barely a month since we reported on the ransomware attack on the Colonial Pipeline Company, yet news continues to break with additional revelations about the attack. What we have learned during the past several weeks should give businesses encouragement, while reinforcing some important lessons.

Shortly after the attack, it was revealed that Colonial Pipeline paid roughly $4.3 million in bitcoin (BTC) to obtain the decryption key from the attackers to allow Colonial to access its data and help restore its systems. On June 7, 2021, the Department of Justice announced that it was able to recover 63.7 BTC, valued at approximately $2.3 million, allegedly representing funds paid to the group DarkSide, which had targeted Colonial in the ransomware attack. According to the Department, the Federal Bureau of Investigation was able to track multiple transfers of BTC and to identify the virtual currency wallet used by DarkSide to collect payment. Based on this, law enforcement was able to seize the funds, via a warrant, using a private key in their possession. This is a significant development in the investigation of ransomware attacks and good news for future investigations. For more information about Bitcoin technology, please review our recent articles here.

Colonial Pipeline’s CEO Joseph Blount testified before Congress this week concerning the attack. Blount’s testimony revealed that the ransom payment was made the day after the attack. It also revealed that the hackers had gained access to the company’s network and exfiltrated data from the company by compromising a legacy VPN account that, unlike other remote access accounts, was protected by a single password, not multi-factor authentication. It is unclear how the password was compromised. Blount also testified that, although the decryption key was obtained from the hackers, the company is still recovering from the attack, and that the emergency response processes that were in place helped the company respond swiftly.

After watching the events unfold surrounding the ransomware attack on Colonial Pipeline – a critical infrastructure facility – there are some key takeaways for all businesses, large or small, to reduce risk:

  • Ensure incident response plans are up to date and include specific steps to address a ransomware attack, and consider performing “table top” exercises to practice responding to events
  • Use multi-factor authentication across accounts and keep track of all user accounts, including remote access accounts
  • Understand that ransomware can impact any business
  • Even if a business decides to pay ransom, it will likely take some time to get systems back up and running

Falling victim to a ransomware attack can cause significant damage, particularly to smaller businesses that lack the resources to recover from such an attack. Don’t go it alone.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Woods Rogers Vandeventer Black | Attorney Advertising
