The situation surrounding the hack against Colonial Pipeline has only become more complex as new information has come to light, each new discovery providing more insights and potentially actionable takeaways. Let’s examine some of the biggest developments surrounding the attack, and what they will likely mean for overall cybersecurity from this point forward.
Let’s begin with some of the bad news, just to get it out of the way.
Taking advantage of the notoriety that the Colonial Pipeline attack garnered, cybercriminals have designed phishing campaigns to play on the fears of its recipients. Via email, messages have been distributed to organizations offering so-called “ransomware system updates.”
To be fair, this isn’t untrue so much as it is misleading. Technically speaking, they do contain ransomware system updates, in that these messages will update the recipients’ systems with ransomware.
To do so, these fraudulent emails direct the recipient to visit an innocuous-enough-looking website in order to download a so-called system update to help protect their computer. Little does the user realize that these websites have been designed to mimic a legitimate one, just so there’s a higher chance that a user will be fooled. Shortly after news broke that Colonial Pipeline had shelled over the payment the DarkSide ransomware group demanded of them, these phishing emails began appearing in the wild.
On June 7th, the Department of Justice distributed a press release that stated that they had managed to seize 63.7 Bitcoins (valued at about $2.3 million) of what Colonial Pipeline had paid up. By following the money, the FBI located a wallet that they had exfiltrated the key for that had received a significant portion of the ransomware payment. As a result, the FBI was able to seize this portion of the payment.
When this news broke, cryptocurrencies saw their values plummet. After all, cryptocurrencies are supposed to be completely anonymous and secure, so the idea that the FBI was able to track and repossess these funds is disconcerting to many. The market therefore plummeted by 11 percent in a single day.
It is somewhat likely that more government intervention will follow, despite the impacts this would certainly have upon the crypto market. Time will only tell if these efforts will continue.
Clearly, ransomware is not to be underestimated, and these developments will only complicate things further. Cybersecurity is a difficult thing to manage, but Aniar IT Services is here to help. Give us a call at 094 90 48200 to learn more about what can be done to better secure your business.
About the author
Michael is the CTO at Aniar IT Services and has been working in IT for over 20 years.
Mobile? Grab this Article!