Security in Color

Podcast Episode 53: Gas is HOW much? Let’s talk ransomware.

Happy Friday my lovely people!

I hope you are doing good, feeling good, smelling good, looking good. Let me stop before I make a song out of this. You didn’t know I was a rapper, too? I do cyber, I do cloud and now I’m a rapper. Let me go update my resume cause the price is going up for these bars lol.

Anywhoo, let me get back on track. Don’t forget, if you enjoy today’s episode go ahead and please press that subscribe button wherever you listen to podcasts, and if you are an Apple Podcast listener, please leave me a rating and comment. I thoroughly enjoy reading your comments and feedback about the podcast.

Alright, let’s get into today’s episode – a topic that has caused panic and chaos, has people filling up plastic bags full of unleaded gas, and is hitting the pockets of east coast car drivers as the price of gas has skyrocketed due to decreased supply. What do all these things have in common?

You guessed it ladies and gentlemen. A ransomware attack.

Ransomware is nothing new, we’ve talked about different attacks extensively on the podcast. But today we’re going to deep dive and give you the rundown – on what ransomware is, how it began, how it got to where it is today, and how that affects you.

What is ransomware?

Before I get into the history of ransomware, let’s first define and understand what it is.

It’s a word that pops up every month, if not every week on cybersecurity professional radars but for the average person ransomware is still pretty unknown or its understanding muddy. So let me clear it up for you.

If you have a computer or any kind of device that connects to the internet, you are familiar with malware, which is short for the term malicious software. Malware is an umbrella term for things like viruses, worms, trojans, essentially any bad computer program that you don’t want on your device.

Malware comes in many flavors, like the viruses and worms I just mentioned, and one of those flavors is called ransomware. Ransomware is when a bad piece of malware gets onto your device and encrypts your files to lock you out of your data. You can even think about it in real-world bad situations – think of a hostage situation or blackmail. The bad guy is holding a bank up or perhaps got some sneaky evidence on you and won’t release it unless you pay them. That’s exactly what ransomware is, except for your digital assets.

Now, typically in the movies, we see the weird notes mailed to the police station with random magazine lettering to disguise their handwriting. Perhaps we see phone call negotiations reminiscent of the movie Inside Man. None of that happens in the cyber world – instead, if you are hit with ransomware you will notice that you cannot access or do anything on your computer, and your screen will have the ransom note requesting an amount to pay in order to unlock your data. Below is an example of what I am talking about.

[Image: example of a ransomware note asking for Bitcoin (from the BBC News story “Ransomware infects Ukraine energy ministry website”)]

Now ransomware has been around for decades, like I said this is nothing new. But the types of ransomware, and yes there are many varieties, have grown over the years becoming more sophisticated with features like being able to evade detection from your antivirus programs. In addition, we live in a society where there are billions of devices around the world, connected in more ways than we have ever had. While convenient and cool for us as a consumer, it is a money-making playground for attackers.

The methods by which attackers can get malware onto your devices and encrypt your data vary as well, and you might have heard of or seen some of these methods. Attackers can send ransomware as an email attachment, tricking you in some sort of email phishing scam. Or they can send a regular message via social media such as Facebook Messenger. No matter the method they use, the goal is always the same – trick the user into clicking or downloading something to get the malware payload onto your device.
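To make the “encrypts your files to lock you out” behaviour concrete from the defender’s side, here is a small Python detector. It is an added example, not code from the Security in Color post or from any real security product: it reads constructed file-write events (timestamp, process name, path, bytes written) and raises an alert when one process rewrites many files with high-entropy content and a single new extension inside a short window, or drops a file whose name looks like a ransom note. The process names, paths, keyword list and thresholds are all assumptions chosen for illustration.

```python
"""Toy ransomware-behaviour detector over file-write events.

Added example, not from the original post. Event shape is assumed:
(timestamp_seconds, process_name, file_path, content_bytes).
"""
import math
from collections import defaultdict

# Assumed thresholds; tune them for the environment being monitored.
MIN_FILES = 5            # distinct files rewritten before alerting
WINDOW_SECONDS = 60      # how tightly clustered in time those writes must be
ENTROPY_THRESHOLD = 7.5  # bits/byte; encrypted data sits close to 8.0
NOTE_KEYWORDS = ("readme", "decrypt", "restore", "how_to")  # assumed note-name fragments


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a single repeated byte, 8.0 when uniform."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_like_ransom_note(path: str) -> bool:
    """Heuristic: a .txt file whose name carries a typical ransom-note keyword."""
    name = path.rsplit("/", 1)[-1].lower()
    return name.endswith(".txt") and any(k in name for k in NOTE_KEYWORDS)


def detect(events):
    """Return a list of (alert_type, process, detail) tuples for the given events."""
    alerts = []
    high_entropy_writes = defaultdict(list)  # process -> [(ts, path, extension)]
    for ts, proc, path, content in events:
        if looks_like_ransom_note(path):
            alerts.append(("ransom_note", proc, path))
        name = path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext and shannon_entropy(content) >= ENTROPY_THRESHOLD:
            high_entropy_writes[proc].append((ts, path, ext))
    for proc, writes in high_entropy_writes.items():
        writes.sort()
        # Slide a time window over the writes; alert once per process.
        for i in range(len(writes)):
            start = writes[i][0]
            window = [w for w in writes[i:] if w[0] - start <= WINDOW_SECONDS]
            paths = {w[1] for w in window}
            exts = {w[2] for w in window}
            if len(paths) >= MIN_FILES and len(exts) == 1:
                alerts.append(("mass_encryption", proc, f"{len(paths)} files -> .{exts.pop()}"))
                break
    return alerts


# Constructed sample input: one normal document write, one legitimate compressed
# archive (also high entropy, but a single file), then a burst of ".locked"
# rewrites and a ransom note from the same process.
HIGH_ENTROPY = bytes(range(256)) * 4  # every byte value equally likely -> exactly 8.0 bits
PLAIN_TEXT = b"Quarterly report draft, nothing unusual here.\n" * 10
SAMPLE_EVENTS = [
    (0, "winword.exe", "/home/alice/docs/report.docx", PLAIN_TEXT),
    (5, "backup.exe", "/home/alice/backup/photos.zip", HIGH_ENTROPY),
    (10, "svc_update.exe", "/home/alice/docs/budget.xlsx.locked", HIGH_ENTROPY),
    (11, "svc_update.exe", "/home/alice/docs/invoice.pdf.locked", HIGH_ENTROPY),
    (12, "svc_update.exe", "/home/alice/docs/photo1.jpg.locked", HIGH_ENTROPY),
    (13, "svc_update.exe", "/home/alice/docs/notes.txt.locked", HIGH_ENTROPY),
    (14, "svc_update.exe", "/home/alice/docs/thesis.docx.locked", HIGH_ENTROPY),
    (20, "svc_update.exe", "/home/alice/docs/README_DECRYPT.txt", b"Your files are encrypted."),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert)
```

The archive written by `backup.exe` is the important false-positive case: compressed and media files are also high-entropy, which is why the detector only alerts when many distinct files share one new extension within the window, or when a ransom note appears. On real endpoints this kind of logic usually sits in an EDR or file-integrity monitor rather than a standalone script.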

One of the first major recorded ransomware attacks occurred in 1989 when an attacker targeted a vendor in the healthcare industry. And 32 years later, the healthcare industry is still one of the top targets for ransomware attacks.

Back to the recent ransomware attack

Now that you have the definition and first recorded ransomware attack on Beyonce’s internet – let’s bring it back full circle to the present day to discuss what happened recently that halted gas pipeline activity for a major company.

In a statement released this past Saturday, May 8, 2021, Colonial Pipelines let the public know that it had to temporarily halt its pipeline operations due to a cyberattack that happened the day before. We now know that the cyberattack was indeed ransomware, forcing the company to take their key systems offline in order to avoid more infections to their systems. In typical investigative response efforts, the company engaged an external cybersecurity firm in order to help them figure it all out. Now for most attacks, the story usually ends here in terms of national coverage or the everyday consumer paying attention. But this time things are different, as this attack impacted consumers directly – gas for our cars is now potentially delayed – sparking a ridiculous panic with people hoarding gas. Impacted customers were mainly on the East Coast, ranging from New York all the way down to Florida and parts of the South to mid-east.

Questions that needed answers soon started to form – including: did Colonial Pipelines turn off the faucet to stop the spread of the ransomware attack, or was it because their operational systems were affected and they couldn’t make a move? Meanwhile, the White House administration declared a state of emergency in 17 states, sparking a fuel panic as to whether or not people would be able to, idk, get gas or avoid prices jumping to $20 a gallon. While understandable for some who have to rely on transportation to get back and forth to work, and for a bunch of other reasons to get gas, the panic this cyberattack caused was pretty entertaining to see on Twitter. And in reality, it really speaks to the fragile state we are in when a cyberattack can cause massive panic across the nation.

As of 5 pm this past Wednesday, the pipelines were back to life – with an announcement that the majority of its markets will have fuel by Thursday. In addition to the state of emergency declaration, the Biden administration also signed an executive order aimed at improving the federal government’s cyber defenses, especially because we are not that far removed from the SolarWinds attack.

It has also been identified that the culprits of the attack are called Darkside and apparently originated inside Russian borders. Darkside is a for-profit ransomware group, in Russia, that steals company data and holds it for ransom ranging from 200k to 20 million. In this particular case, and as of this past Wednesday, Colonial said they were working with law enforcement to mitigate the damage and had NO plan to pay the ransom to decrypt their files and get back up and running.

Well apparently, according to the reports and Maury, the lie detector test determined that was a lie. As of today, it is being reported that the pipeline distributor paid $5 million dollars to restore its network after it was pressured to get things back running very quickly. The company has not confirmed any of this with reporters, but sources familiar with the payout told Bloomberg that they paid the ransom hours after the attack.

Now if you’re a regular of Security in Color then you know that I know that the decision to pay a ransom is a very difficult one, and I, for one, would not want to be in their shoes. The majority of us are against paying ransoms, as you are never guaranteed to get your data back even if you pay. But..if they indeed paid out this ransom, this just gives attackers ONE more reason to continue to use ransomware against literally everyone to try and extort money any way they can. This attack is yet another reminder of how fragile our country’s infrastructure services are to cyberattacks. Criminals know that our systems are dependent upon one another, and therefore if they can get in and disrupt something major they can cash out in a major way. While the US Treasury warned last year that organizations can have sanctions imposed on them by the government for paying a ransom to a cybercriminal, they also are not in the seat that Colonial Pipelines was in, and honestly none of us know how we would react. On record, we would all say we wouldn’t pay, until it is us in the hot seat.

Either way, I hope this attack not only highlights the need for a MAJOR, and I’m talking MAJOR, overhaul of our national, state, and local cybersecurity infrastructure, but also wakes the average person up to how close cybersecurity is starting to hit home for people and the importance of literally everyone being cyber vigilant. Attackers are going after everyone, and an effective response requires everyone to participate. That includes you, your parents, your children, your spouse, your neighbor, your coworker. You may not work in the cybersecurity industry, but you sure can be impacted by it. So why not take the time to learn a little more about how you can be a cybersecurity champion, right? I mean…that’s why you’re listening, right?

That’s a wrap for today’s episode. I hope this was informative and I will see you next time!