What the Colonial Pipeline & JBS Attacks Have Taught Us About Ransomware

Two recent ransomware attacks have had effects that reach far beyond the two companies targeted.

In May, both Colonial Pipeline and JBS, the world’s largest beef and pork producer, had operations shut down for nearly a week due to devastating ransomware attacks.

While Colonial Pipeline’s impact may have been contained mainly in the U.S., with gasoline shortages throughout the East Coast, the JBS attack directly impacted Canadians.

The attack on JBS (Pilgrim’s Pride, Swift, etc.) caused meatpacking facilities in Canada, the U.S., and Australia to shut down while the company was grappling with the attack and trying to get operations back up and running.

Both attacks made international headlines because of their widespread effect on the supply of vital products, and they have prompted many companies to revisit their IT security plans.

Lessons to Learn from the Recent Ransomware Attacks

Ransomware Has Been on an Upward Trajectory

In 2020, ransomware attacks increased 485%, and that’s not only due to the pandemic. Ransomware had already been on the rise prior to COVID-19 causing global disruption.

Ransomware is now one of the most dangerous forms of malware that companies need to defend against. It has been getting worse in multiple ways, including increased volume of attacks, increased remediation costs, and increased sophistication.

What’s causing ransomware’s climb?

  • A majority of companies pay the ransom, so hackers keep attacking.
  • Large state-sponsored criminal groups use ransomware to make money, thus they improve its sophistication and efficiency.
  • Ransomware as a Service (RaaS) is now being peddled to those hackers who are less “tech-savvy.”

Ransomware Is Particularly Devastating

Ransomware has been such an effective money-maker for criminal groups because it leaves a company at a standstill. It often completely shuts down operations, effectively putting a company out of business until it regains access to its data.

Ransomware encrypts data so it can’t be read by user systems. It’s also quite good at spreading itself as far throughout a network as possible. It will look for any other available devices or cloud storage services to infect, and quickly take down an entire company.

The cost of downtime averages between CAD $76,804 and $84,285 per hour.

Because it’s so devastating, companies will often panic. Many will pay the attackers in hopes of getting operations back up and running quickly.

Even Large Organizations Aren’t as Prepared As They Think

You would think that large organizations like Colonial Pipeline and JBS would have airtight security and be completely protected from an attack of this magnitude.

But unfortunately, that’s not the case. Often companies, both large and small, will think they’re more secure than they actually are.

In the case of the Colonial Pipeline attack, the company identified the breach point as an unused VPN account that was not protected with multi-factor authentication. Often, the simplest lapse in good cybersecurity hygiene is what enables a critical security breach.

Companies need to have regular IT security audits to check for any potential areas of weakness that may be leaving them vulnerable.
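One check such an audit can include, shown here as an added example that is not from the original article: flag enabled VPN accounts that have no MFA enrolled, have not been used recently, or both, which is the combination identified as the Colonial Pipeline breach point. The CSV column names, the 90-day threshold, and the sample rows are assumptions constructed for illustration, not any VPN product's real export format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; the column names are assumptions, not a real product schema.
SAMPLE_EXPORT = """username,enabled,mfa_enrolled,last_login
alice,true,true,2021-05-28T09:12:00
legacy-vpn,true,false,2020-11-02T17:40:00
bob,true,false,2021-05-30T08:01:00
contractor7,true,true,2020-12-15T11:00:00
old-admin,false,false,2019-03-01T10:00:00
svc-backup,true,false,
"""


def audit_vpn_accounts(export_text, now, stale_after_days=90):
    """Return [(username, [findings])] for enabled accounts that need attention."""
    cutoff = now - timedelta(days=stale_after_days)
    results = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot be used to log in
        findings = []
        if row["mfa_enrolled"].strip().lower() != "true":
            findings.append("no-mfa")
        last = row["last_login"].strip()
        # An empty last_login means the account was never used: treat it as stale.
        if not last or datetime.fromisoformat(last) < cutoff:
            findings.append("stale")
        if findings:
            results.append((row["username"], findings))
    # Accounts that are both stale and without MFA are the highest risk; list them first.
    results.sort(key=lambda r: (-len(r[1]), r[0]))
    return results


if __name__ == "__main__":
    for user, findings in audit_vpn_accounts(SAMPLE_EXPORT, datetime(2021, 6, 1)):
        print(f"{user}: {', '.join(findings)}")
```

Accounts that carry both findings are candidates for immediate disabling; accounts with only one finding need MFA enrollment or an ownership review.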

Recovery Is a Vital Part of a Backup Strategy

Something that may surprise people about the attacks on Colonial Pipeline and JBS is that both companies chose to pay the ransom to the attackers. So, not only did they have a vulnerability that allowed the attacks to happen, but both also didn’t have an easily restorable backup.

Ransoms paid in those attacks:

  • Colonial Pipeline: $4.4 million
  • JBS: $11 million

Both justified their decisions with the fact that they owed it to their customers to get operations back up and running as fast as possible. Both felt the path to do that was to trust the attackers to hold up their end of the ransom bargain.

Fast data restoration is an important part of a backup and recovery strategy. If data is backed up but takes several days or weeks to restore, then it’s going to mean expensive downtime.

When deciding on a backup strategy, you need to pay attention to the recovery capabilities. You want to have a system in place that takes a full system image backup and can restore that to multiple devices quickly in the case of data loss or encryption.

Having an Incident Response Plan Is Important

When hit with ransomware or another type of work-stopping attack, employees must know what to do. For example, they should know the immediate steps to take if their device is infected with ransomware (like disconnecting from the network to prevent spread).

Employees should be regularly taken through an incident response drill, including going through the backup and recovery process.

Having a practiced incident response plan in place can significantly reduce costs and downtime in the event you fall victim to ransomware. 

Get an IT Security Assessment for Ransomware Prevention

Haxxess can help your Northern Ontario business identify any vulnerabilities that could leave you at risk of a ransomware attack. 

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.
