The Cyber Consultant

“The incident — the worst cyberattack to date on critical U.S. infrastructure — should serve as a wake-up call to companies about the vulnerabilities they face.” – CBS News
 
Yesterday, my friend texted me, “Our gas pipeline was hacked by ransomware.”
 
At first I thought it was a small scale issue, “at your job or the city?” I asked.
 
“No our national gas line,” he replied.
 
I was taken aback and replied, “Oh my! Unfortunately I’m not surprised though.”
 
I wish could could say I was shocked or the U.S. didn’t know this was a possibility, but I simply can’t. We’ve been warned too many times by security experts and prior attacks that this was coming.
 
I’ve studied a lot about infrastructure security and originally it was going to be a major topic in my book, until I realized it would take an entire book to explain the importance of this issue alone. However, it is still one of my favorite cybersecurity topics. For years, the U.S. has continued to add vital infrastructures to our power grid and the Internet making it more vulnerable to hacking.
 

The pipeline in this case has been subjected to a ransomware attack. These types of attacks fall under the bracket of cyberextortion. It is the cyber equivalent of a criminal taking away something or someone you care about and demanding money for its release.

The FBI does not recommend that companies or organizations pay the ransomware fee. This is a last resort, since even if you pay them what they are demanding, it is still not guaranteed that they will unlock and return your precious items.

However, many times critical infrastructure companies have no choice. They must return to operations ASAP and trying to break the encryption yourself can be time-consuming and tedious.

Who is DarkSide?

The FBI has confirmed to the public that they believe the attack was coordinated by a relatively new cybercrime organization by the name of DarkSide. It is impressive that authorities have been able to attribute this crime to a specific group. I speak in depth in my book, Cyber Curiosity, about the difficulties law enforcement experience when attempting to attribute a cybercrime to a particular person or group.
 
This unfortunately, does not mean they are guaranteed to face any real consequences. It also doesn’t automatically mean the ransomware will be bypassed any quicker.
 

DarkSide is a cybercrime group that has created a Robin Hood-esque image. They steal from large corporations and give a share of the profits to charity, but they still keep some for themselves of course.

Ransomware groups, like Darkside, are creating an enviroment where cybercriminals can thrive. Watching other groups successfully hack large entities and vital resources sends a signal to other cybercriminals that they should find large targets too, to maximize their profit from the scheme.

Because of the potential for profit and a lower chance of being arrested for the crime compared to traditional crime, cybercrimes, like ransomware, are becoming more frequent and effective.

Protecting Ourselves from Ransomware

Year after year, our federal government has made promises to improve cybersecurity for essential resources, such as our water systems, power grid, hospitals, and of course gaslines. However, we have yet to see these sweeping changes.

The Biden administration has pledged to be hard on cybercrime and enhance our nation’s cybersecurity. This however is a huge task.

Wired and the New York Times have both expressed skepticism about if these proposed measures will be good enough to stop this current avalanche of attacks the U.S. has experienced in the past few years. With the frequency of these types of cybercrimes increasing, they have no time to waste. An effective cybersecurity plan must be executed now to save our country.

I know that last paragraph sounds bleak, but it is the honest truth. We are 6ft under when it comes to cybersecurity, and we have been trying to dig ourselves out using a spoon. It’s time to pull out the heavy equipment.

So, how does all of this effect you?

Currently, it looks like we maybe facing a gas shortage in the near future, as people panic buy gas in response to the news. If you are business owner, no matter how small, I recommend that you begin to think about your company’s cybersecurity today. There is no longer any time to waste. Don’t let your business end up 6ft under.

I know you’re probably thinking – My business is small, local, and not known on a national scale. Why would cybercriminals target me?

I hate to tell you this, but it doesn’t matter how big or small your business is, there is still potential for an attack. You likely handle client data, depending on your industry that data may be sensitive, and you need your computer systems to remain operational. Ransomware creators know the business owner has valuable data stored on their computers, storage drives, and servers. This makes a small business a good target, even if the business doesn’t have money to pay the ransom. As world-renowned security expert, Dr. Eric Cole, told me in an interview, “It doesn’t matter if you have $5 or $5 million, you can still become a victim of a cyberattack.”

Commerce Secretary Gina Raimondo said that ransomware attacks are “what businesses now have to worry about.” She couldn’t be more spot on. Since we have allowed our cybersecurity preparedness in America to fall behind other developed countries, we have to play catch up and defend our businesses from these devastating attacks.

Secretary Raimondo went on to say, “We have to work in partnership with business to secure networks to defend ourselves against these attacks,” in an interview on “Face The Nation.”

So don’t wait until it is too late to begin protecting yourself and your business. Preparation is the key to effective cybersecurity measures.

Let's Stay in Touch

Over the next several weeks, I’m going to be sharing excerpts and stories from my book, Cyber Curiosity: A Beginner’s Guide to Cybersecurity – How to Protect Yourself in the Modern World in this article series. Here is the link to get your copy  on Amazon! The eBook is 0.99 cents only for the month of May, so get your digital copy today and start reading immediately.

If you want to connect, you can reach me here via email contact@lakeidrasmith.com or connect with me on social media: Facebook, Instagram, Linkedin.

If you want to take your first step to being cyberaware, please subscribe to my weekly Cyber Curiosity Newsletter to get industry news, my articles, and more.