Colonial Pipeline and Irish health service attacks highlight growing ransomware risk

Topics:
Print Friendly, PDF & Email

One of the most damaging types of cyberattacks employed by hackers today is ransomware, where attackers use malware to shut down or lock organisations out of their systems until a ransom is paid to restore the services, usually in untraceable cryptocurrencies such as Bitcoin.

And while not new, what is alarming is the rate at which ransomware attacks against organisations is increasing. A recent report by BlackFog cites as many as 31 separate ransomware attacks in the month of April 2021, and a study by IBM claims a quarter of all cyberattacks in 2020 were caused by ransomware.

June has already seen its first high profile attack, against JBS SA, the world’s largest meat processing company. According to a report in Wired, the company’s US subsidiary said that some of the servers supporting its North American and Australian IT systems have been affected by an organised cybersecurity attack. In response it has taken some impacted systems offline and notified law enforcement. The attack has caused disruption to JBS operations in Australia, Canada and the US, with some plants having to be shut down and workers sent home.

One of the most high profile recent examples is the major ransomware attack in May 2021 against the US-based Colonial Pipeline Company, which transports 2.5 million barrels of gasoline, diesel, heating oil and jet fuel per day. The FBI identified the attack, which shut down the Colonial Pipeline Company’s operations, as being linked to an Eastern European hacker group called DarkSide.

Naturally, the closure of its pipeline had huge knock-on effects for utilities in the US. In just five days, the price of oil reached more than $3 per gallon – a price that had not been exceeded since 2014. While this was partly due to the actual damage done by the hackers it also created panic buying which further increased the price and shortages. Colonial’s CEO, Joseph Blount, acknowledged that the company paid the ransom of $4.4 million worth of Bitcoin, but admitted that the attack will cost the company tens of millions of dollars to restore its services over the coming weeks and months.

According to a report in Wired, the company’s US subsidiary said that some of the servers supporting its North American and Australian IT systems have been affected by an organised cybersecurity attack.Click To Tweet

However, it’s not just big corporations suffering. Every type of organisation from relatively small companies to universities and even hospitals have been hit.

For example, another recent ransomware attack involved the threat of 700GB of Irish patient health data being made public. ZDNet reported that ransomware group Conti threatened to leak and sell sensitive health data, resulting in the Health Service Executive (HSE) pulling all systems offline. While COVID-19 vaccinations and ambulances services continued, outpatient appointments such as maternity services and X-rays were interrupted, with many being cancelled.

The HSE has warned that there may be delays in delivering COVID-19 results, potentially affecting travel and work arrangements for Irish patients. In an attempt to mitigate the attack, the High Court issued an injunction making it illegal for the patients’ data to be processed, sold or leaked online. The ransom payment of $20 million will not be paid, in accordance with Irish policy. Paul Reid, CEO of the HSE, stated that assessing and restoring the impact of the breach “will take many weeks” and that “major disruption will continue due to the shutdown of our IT systems.”

These examples show that any type of organisation can fall victim to ransomware and that it can have costly and serious consequences. A robust ransomware defence strategy requires three strands. You need to be able to detect the attacks, prevent them and, even if really well prepared, be ready to recover from a successful attack if, or when, the worst does happen. A comprehensive set of security solutions that include an effective backup capability is essential to defend your organisation from ransomware.

The criminals behind ransomware attacks are not going to stop while ransoms are still being paid. Getting the right defence in place means both keeping your organisation safe and making sure you are not forced to fund future attacks.

Barracuda Networks can help you to protect, prevent and recover from ransomware attacks. Visit https://www.barracuda.com/ransomware to learn more.

Scroll to top
Tweet
Share
Share