by Dave Moore, CISSP
12/11/2022

Do you remember last year, 2021? The nation’s largest pipeline and Oklahoma’s second-largest city were hammered by Internet criminals using well-known, preventable ransomware scams and hacking techniques.

The nation’s largest pipeline, Colonial, announced it was the victim of a cybersecurity attack. “We have since determined that this incident involves ransomware,” they said.

“Ransomware” refers to criminals taking your computer files and locking them into an encryption scheme, preventing you from using your own data. In the case of Colonial Pipeline, company data was also copied and “exfiltrated” (geek talk for “stolen”), with the Russian criminal gang called “Darkside” demanding payment to keep them from making Colonial’s private company files public.

The pipeline shut down. Fuel in some areas of the US became scarcer, and prices spiked. Refineries eyed cutting production, as the main tool for moving their product had been cut off.

Exactly how was Colonial victimized? Colonial wouldn’t say, but Jason Jarnigan, FBI Supervisory Special Agent for Cyber Crimes, spoke up. “Either someone clicked a link that they weren’t supposed to, or they receive an email from someone that they know or trust, whose email account may have been compromised.”

In other words, someone working at Colonial did something stupid. It was all downhill, after that. After six days of denials, Colonial admitted they had indeed paid a ransom of almost $5 million on the day of the attack. This delay did not help with public relations.

Hoping to avert a national crisis, the White House issued an emergency declaration, lifting regulations on truck drivers carrying fuel, granting them more overtime hours and less sleep than normal. The EPA and DOE also declared, “an extreme and unusual fuel supply circumstance exists that will prevent the distribution of an adequate supply of compliant gasoline to consumers,” and decided to lift certain pollution standards until things got back to normal.

Closer to home, the government of the City of Tulsa was also crippled by ransomware criminals. “The City of Tulsa is having to relearn how to do their jobs without computers,” reported KTUL-TV. City officials resorted to posting a notice on Facebook in an effort to inform the public.

“We have shut our computer systems at the city down,” said Tulsa Mayor George Bynum. The city announced on Monday, May 10, that ransomware criminals had been inside their networks since April 21.

Officials believe the ransomware entered the city’s computers through an email that was sent to an employee. A number of City of Tulsa services were affected, including fire and police response times, utility payments and employee email. Radios and phones were used in an effort to keep things going.

City officials said they were working with a “security advisor.” An announcement at cityoftulsa.org said, “The City of Tulsa website, along with Tulsa City Council, Tulsa Police, and the Tulsa 311 websites, are currently down for maintenance.” Maintenance, my butt.

Statistics for 2020 show more than 113 federal, state and municipal agencies were ransomware victims, along with over 500 health care facilities, and more than 2,400 school systems, colleges and universities. Keep in mind, this was two years ago. Have we learned nothing since then? The FBI reported cybercrime losses exceeded $4.1 billion in 2020, alone.

Ransomware attacks are not new. They were not new in 2020, and they are quite well-known, now, thoroughly documented, and completely preventable. I first warned of them eight years ago. Whether it’s email phishing scams, remote desktop hacks, or neglected software updates, it is inexcusable that major enterprises like pipelines and governments fall victim to scams and hacks that never should have happened, in the first place.

Stopping ransomware is easy: education and awareness, through proper Internet safety training and hiring true security experts to protect computer systems. Just because someone is a good network or “IT” person doesn’t mean they know squat about cybersecurity. No more putting out fires, and waiting for the next one to pop up.

Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or internetsafetygroup.org