In the connected age, ransomware attacks can happen not just to computers at oil and gas companies, but also to IoT devices and IP cameras at other organizations. Taking precautionary measures against such attacks, then, becomes quite important.
Earlier this month, a major US oil pipelines operator suffered a ransomware attack.
On May 7, American oil pipeline system Colonial Pipeline suffered a ransomware attack, which impacted computerized equipment managing the pipeline. The company subsequently shut down its operations and paid the requested ransom. It was the largest cyberattack on an oil infrastructure target in the history of the United States.
The perpetrator is said to be the criminal hacking group DarkSide. The attack’s ramifications were not limited to Colonial Pipeline itself but extended to a wide range of end-user entities, including airports in the US Southeast. Panic buying also occurred at gas stations across the region.
Ransomware attacks nothing new
In fact, ransomware attacks are nothing new. The earliest case was reported in 1989. A ransomware attack entails the attacker encrypting files on the user’s computer system and demanding that the user pay a ransom to get the files decrypted.
“The easiest way for ransomware to infect a device is through phishing spam, such as an attachment in an email. Once the user downloads and opens the attachment, the malware can infect and take over the computer and start encrypting files,” said Luke Bencie, MD, and Zachary Smith, Junior Associate at Security Management International.
They added: “There are several different types of ransomware flavors, such as CryptoWall, Apocalypse, Cerber, Jigsaw, Locky, and Petya. Each flavor of ransomware infects a device in a different manner, and therefore encrypts files in a different way. However, the end result is the same – a user needs to have the decryption key in order to regain control over their files.”
Any smart device is susceptible
Ransomware attacks commonly target the computer networks of small and medium businesses, which usually have weaker security protocols. But then again, this is the age of IoT. Ransomware attacks can happen to any computer, smartphone or connected device, be it an IP camera or an NVR.
“Any ‘smart’ device is susceptible to an attack via ransomware. Cameras are more commonly attacked with other types of malware, but ransomware attacks are possible, and have been carried out. There have been no large-scale ransomware attacks on mass groups of IP cameras or other security devices, as those devices are generally targeted by malware such as Mirai or Mukashi, but there is always the possibility,” Bencie and Smith said.
When struck by a ransomware attack, there’s really little the user can do. “If your device is infected with ransomware, you need to reboot Windows in safe mode, install antimalware software, scan your system, and restore the computer to a previous state. However, doing this will only allow you to regain control of your device. The files infected by the malware are already encrypted and unreadable,” Bencie and Smith said. “Depending on the sophistication of the malware, it will be impossible for anybody to decrypt the files without access to the decryption key held by the attacker.”
What measures should be taken
Fortunately, most cyberattacks, including ransomware attacks, are preventable. This, however, requires various precautionary measures to be taken by the end user.
In the case of Colonial Pipeline, for example, there were certain measures that the company could have taken to avert the disaster. “The simplest thing that the Colonial Pipeline could’ve done is to add two-factor authorization, much like we as individuals can do for our bank accounts and other sensitive information, or to utilize a better VPN. More specifically, the Colonial Pipeline could have restricted file sharing access, blocked Tor proxies, cracked down on security and firewall protocols on file sharing, and added endpoint detection and response on all file sharing,” Bencie and Smith said.
For the rest of us, we should also do our part to protect devices against ransomware attacks. “Most ransomware attacks are performed because of user negligence or naivety. Vendors could mandate the implementation of two-factor authorization for file access, but the burden of preventing ransomware is primarily on the consumer,” Bencie and Smith said. “Like we’ve always been told: don’t click on a link from an unfamiliar email, don’t download files from unknown, insecure, or generally ‘sketchy’ looking sites, and don’t ever give your usernames and passwords to anyone. Don’t enter personal information in pop-up screens, install a phishing filter, and if you receive what you believe to be a phishing attack containing some kind of malware, report it to authorities.”