I have been following the Colonial Pipeline ransomware attack closely this past few day sand I must admit that I learnt a lot. You can read all about the attack and subsequent recovery in the reference links below.
- Colonial Pipeline got hit by a ransomware attack.
- Threat Actor: Darkside group using a RaaS (Ransomware-as-a-Service) model.
- Attack Vector: Compromised VPN credentials from a legacy VPN profile.
- Colonial Pipeline was pressured into meeting the payment amount and dateline using a combination of DDoS and Triple Extortion method.
- Colonial Pipeline paid out approximately USD$4.4 million (in bitcoin).
- U.S Department of Justice (DoJ) managed to recover approximately USD2.3 million (in bitcoin).
• How: DoJ managed to obtain the Private key of the crypto wallet that contained the ransomed crypto currency.
- RaaS: Ransomware-as-a-Service
- Ransomware: a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment.
- VPN: Virtual Private Network. Generally used when you need to connect to a network from a remote location.
- Threat Actor: a single person carrying out a security incident, as well as a group, an organization, or even a country involved in carrying out a cyberattack.
- Attack vector: Attack vectors are the methods that a cybercriminal could use to breach or infiltrate a network.
- Triple Extortion: cyber criminals are demanding payments from the target company, their customers, partners and other related third parties.
- Darkside: a cybercriminal hacking group, believed to be based in Eastern Europe, that targets victims using ransomware.
- DDoS: Distributed Denial of Service.
So how do you protect yourself and/or your organization?
- Up-to-date patches
- Use Anti Malware and Anti Ransomware software
- Well configured Firewall
- Block unused ports and services
- Disable unused accounts
- A strong password policy
- Well trained IT team
- End user education
Learn more by obtaining your CompTIA Security+ certification at Skills Campus.