Colonial Pipeline hack uncovered: security measures recommended by FBI and CISA



The Colonial Pipeline ransomware attack is potentially one of the worst cyberattacks to take place this decade. A group of hackers known as DarkSide stole nearly 100 GB of data from Colonial Pipeline servers before locking them down and demanding a ransom. Colonial Pipeline, with help from the FBI, paid around $5 million to recover its systems.

And it didn’t stop there.

The decryption tool provided by the hacker group was so slow that Colonial Pipeline had to use its own backups to bring its systems back online. It cost Colonial Pipeline even more than the ransom, possibly tens of millions of dollars, to completely restore its systems.

So what is Colonial Pipeline and how did it all start?

What is Colonial Pipeline?

  • Colonial Pipeline operates the largest pipeline system in the United States.

  • Its services span 5,500 miles from Texas to New Jersey.

  • It transports approximately 100 million gallons of fuel per day, including gasoline, diesel, and fuel oil.

  • Seven airports obtain their jet fuel directly from Colonial Pipeline.

  • Almost 45% of the East Coast of the United States, including New York, Washington DC, Florida, Georgia and the Carolinas, gets its fuel from Colonial Pipeline.

How did the ransomware attack happen?

A leaked password.

Yes, you read that right. The attack vector was a single leaked password for a VPN account that was still active but no longer in use. Since multi-factor authentication was not enforced, the attackers needed only the compromised username and password to get into the Colonial Pipeline network.
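The combination described above (an enabled VPN account that nobody uses, with no multi-factor authentication) is something an account audit can surface. The following is an added example, not part of the original post: it scans a constructed account export, and the column names, the 90-day dormancy threshold, the audit date and the sample rows are all assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export of VPN accounts (not real data; column names are assumed).
SAMPLE_EXPORT = """username,enabled,mfa_enrolled,last_login
alice,true,true,2021-04-28
legacy-vpn,true,false,2020-11-02
bob,true,false,2021-04-30
carol,false,false,2019-06-15
svc-backup,true,true,
"""

def audit_vpn_accounts(export_text, today, stale_after_days=90):
    """Return {username: [findings]} for enabled accounts that are dormant and/or lack MFA."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot be used to log in
        issues = []
        last = row["last_login"].strip()
        if not last:
            issues.append("never logged in")
        else:
            idle = (today - datetime.strptime(last, "%Y-%m-%d").date()).days
            if idle > stale_after_days:
                issues.append(f"dormant for {idle} days")
        if row["mfa_enrolled"].strip().lower() != "true":
            issues.append("no MFA")
        if issues:
            findings[row["username"]] = issues
    return findings

def highest_risk(findings):
    """Accounts matching the pattern above: dormant (or never used) and without MFA."""
    return sorted(u for u, i in findings.items() if "no MFA" in i and len(i) > 1)

if __name__ == "__main__":
    # Constructed audit date, chosen only so the sample rows give stable results.
    report = audit_vpn_accounts(SAMPLE_EXPORT, today=date(2021, 5, 7))
    for user, issues in sorted(report.items()):
        print(f"{user}: {', '.join(issues)}")
    print("disable first:", highest_risk(report))
```

Accounts returned by `highest_risk` are the ones to disable first; the remaining findings are candidates for MFA enrollment or an ownership review.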

Following the ransomware attack, Colonial Pipeline took its systems offline to contain the threat. This, in turn, led to panic buying, shortages and the biggest increase in fuel prices since 2014.

Strategies Recommended by the FBI and CISA to Prevent Ransomware Attacks

Native tools and traditional approaches to cybersecurity are no longer sufficient to combat sophisticated, large-scale cyberattacks. In our webinar, "FBI and CISA recommendations for preventing ransomware attacks," our product experts will cover:

  • The timeline of the attack.

  • How the attackers entered the Colonial Pipeline network.

  • FBI and CISA recommendations to prevent ransomware attacks.

  • How to implement these recommendations in your IT environment.

Too busy? Sign up anyway and we’ll share a recording of the webinar for you to watch when it’s convenient for you.

ADSelfService Plus is an integrated, self-service multi-factor authentication and password management solution with powerful features to protect your organization against credential-based cyber attacks and prevent malware attacks. Want to discover our tool? Schedule a free demo with our product experts.

You can also try ADSelfService Plus for yourself with an exclusive, free 30-day trial.

The post Colonial Pipeline Hack Discovered: FBI and CISA Recommended Security Measures First Appeared on the ManageEngine Blog.

*** This is a syndicated Security Bloggers Network blog from ManageEngine Blog written by Sharon Raj. Read the original post at:


