How you can prevent ransomware cyberattacks (like the one that shut down a fuel pipeline)
May 11, 2021, 2:05 PM
Signage is displayed on a fence at the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama, U.S., on Monday, Sept. 19, 2016. Customers buying gasoline at grocery stores and other independent retailers may pay more than those shopping at name-brand outlets after the biggest gasoline pipeline in the U.S. sprung a leak in Alabama on Sept. 9. Colonial Pipeline Co. has proposed restarting the line on Sept. 22, according to the Alabama Emergency Management Agency. Photographer: Luke Sharrett/Bloomberg via Getty Images
SALT LAKE CITY — We all heard the story, and we all want to know how to prevent it happening to us: a ransomware attack that targeted a fuel pipeline on the east coast.
They call themselves modern-day Robin Hoods. Good guys? Hoods, as in terrorists.
“It sounds so dreamy. I mean it sounds exciting and noble,” said Dave Noriega. “But it’s stealing, right? It’s straight-up extortion.”
Debbie Dujanovic suspects this cyberattack is only the beginning. What’s next? Water supply sources? The US food chain?
Advice from a pro: Prevent ransomware to avoid pain later
Earl Foote, who is CEO of Nexus IT Consultants, joined KSL NewsRadio’s Dave & Dujanovic to offer some grief-saving advice on how to protect your sensitive data from the “Robin Hoods” on the Worldwide Web.
Foote shared tips for businesses to prevent ransomware cyberattacks.
“In the end, the most important thing that you can do is to make sure that you have next generation, what is now known as endpoint security. . . . next gen endpoint security can actually include anti-ransomware,” he said. “You also want to be doing proactive monitoring for potential breaches across your networks for business.
“You want to be making sure that you are keeping all of your software packages, your operating systems, all of the third-party pieces of software that you use up-to-date with the latest security patches,” Foote said.
“Once you pay the ransom, is it likely that they’ll unlock it for you?” Dave asked.
“In about 75% of the situations, you will actually receive the decryption tool — a piece of software that will help you decrypt the file,” Foote said ” . . . Chances are you’re going to lose data if you do not have good robust backups . . . which give you a pretty good chance of recovering at least portions of what you have.”
University of Utah Pays $457K After Ransomware Attack
“The University of Utah, when they were on the show this morning, Earl, they specifically said look, one of the lessons that we learned was make sure that you have really good passwords and two-factor authentications. What’s your advice in that regard to the average home user?” Debbie asked.
Make your passwords l-o-n-g
“I would have good password management, which means you probably need to use a password-management tool. There are a fair amount of them available that are good solutions for consumers that are free or have a small yearly fee,” Foote said. “I wouldn’t use unique passwords on every single account. Don’t repeat passwords on any account. Have the password randomized. You need uppercase letters, lowercase letters. You need special characters, and you need them to be long, generally a minimum of eight characters, but 12 to 16 characters is even better.”
“12 to 16 characters. You’re right. I would definitely need a password manager to remember all that stuff,” Dave said.
Background of pipeline cyberattack
The FBI said Monday that a ransomware gang known as “Darkside” was the group responsible for a ransomware cyber-attack over the weekend that forced the shutdown of the Colonial Pipeline networks, which carry gasoline from Texas to the Northeast, according to Fox Business.
“Our goal is to make money and not creating problems for society,” DarkSide wrote on its website.
The pipeline carries 2.5 million barrels a day, which represents 45 percent of the East Coast’s supply of diesel, gasoline and jet fuel.
The Colonial Pipeline took itself offline Friday after the cyberattack. Work to restore service is continuing.
“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks,” the FBI said in a statement Monday. “We continue to work with the company and our government partners on the investigation.”
At the White House on Monday, President Joe Biden said that he was being “personally briefed” on the situation with the pipeline each day, according to BBC News. Cybersecurity researchers, including firms contacted by the BBC, believe the cybercriminal gang originates from Russia; its software appears to leave systems where “Russian” is the default language alone.
Dave & Dujanovic can be heard weekdays from 9 a.m. to noon. on KSL NewsRadio. Users can find the show on the KSL NewsRadio website and app, a.s well as Apple Podcasts and Google Play.
