
Employee Follows Policy to Report Colonial Pipeline Attack

A little before 5 a.m. on May 7th, 2021, an employee at Colonial Pipeline noticed a ransom note on their computer demanding cryptocurrency. This employee followed the company’s policies and procedures and immediately reported the situation.

The Colonial Pipeline attack might be one of the largest and most impactful cyberattacks in history. It started when the hackers gained access to Colonial Pipeline’s networks by using a leaked password to log in to the company’s VPN (virtual private network).

  • What is a ransomware attack? A ransomware attack is when hackers gain access to an organization’s system, encrypt and lock all of the data, and then demand payment.
  • The VPN did not use multi-factor authentication, a cybersecurity control that adds a layer of protection by requiring a second proof of identity in addition to the password.
  • After extensive research, investigators found no evidence of a phishing attack. This led them to believe that the password had been reused from another account that had previously been hacked.
  • One of the country’s largest pipelines was shut down, impacting gasoline accessibility and prices for about two weeks.