Why did Colonial Pipeline Pay the Ransom?

silhouette of person on window

Bloomberg recently detailed the circumstances of Colonial Pipeline’s payment to the hacking organization that brought down their pipeline.

Why would a company decide it is in their best interest to pay a ransom? Company’s end up paying more often than one would think, they often do so, because restoring their business operations is critical and would take too long without giving in to the criminal’s demand. Colonial’s backups failed to be an adequate defense to the ransomware attack.

According to the Bloomberg article, Colonial decided to pay very quickly; However, even with the payment, the solution was so slow – they ended up using their backups to speed the process. The FBI discourages organizations from paying the ransom in a RANSOMWARE attack.

Let’s talk about a ‘RANSOMWARE attack’ for the benefit of people who are unaware of how such attacks hold organizations and individuals hostage. In most RANSOMWARE attacks, files on the computers of businesses are encrypted using software tools with a password. This makes them unusable by people or software; they can not be unencrypted without the password. One gets the password for the ransom.

A strong back up plan is more than simply backing up your files!

Disasters

Take a step towards protecting your business

Step 1 to avoid paying such ransoms is to have a strong backup of your computing needs. At first glance, it looks like Colonial had backups of the files needed to bring them back to operation; However, just having a backup is not “really” enough. Yes, the backup would have allowed Colonial to recover the lost data – but as they learned the hard way, it takes time to restore the computer’s files. While the files are being restored from backup the computers are unusable. You have not really completed Step 1 if you have not successfully tested your backups.

No computer backup can be relied on unless it has been restored and tested. As part of setting up your backup plan, documentation should be developed that completely describes what is being backed up, why, and how critical the data is for business operation. Timeliness is part of that critical section. If one can not execute the plan within a period of time-critical to business operations, the money spent is wasted and the backup is a placebo.

This is about more than technology

Most organizations do not have adequate backups and unfortunately, I am not simply referring to the lack of a plan or the lack of testing that plan. I am referring to coverage of critical assets. Identifying critical assets? Often these decisions are made by default, if at all. The default can be really bad, worse than none sometimes. “Timeliness” is critical to restoring and the default will likely lead to the slowness that is unacceptable. I would offer a backup plan template but there really isn’t one that works without the “why” and “critical to my business” part, a good plan is developed with an organizations’ goals and work in mind. I will offer some things to keep in mind as you work on your plan.

This post is already long – So it is going to become a series of blog posts. So you while you wait for the next in the series, consider this: Sophos research suggests that average ransomware recovery costs are now $1.85 million compared to $761,106 a year ago. One can say my business is not worth that (maybe it is), that probably means it is a business ending event. More disturbing paying the ransom probably will not get your data back.

white ceramic mug with coffee on top of a planner

Time is critical but how critical is that data

How long can you be without your computer? And the information you manage? You will stop being able to service your customers. How long before they are disappointed? Find someone else? How much will working around the issues cost now? In the future when you have to make up for the workaround? Or as is likely in Colonial’s case, Will you be able to gather billing information on your services/products? If you start thinking about workarounds, good, write them down. While you are writing down possible workarounds, add the costs associated with the workaround. While you’re creating your plan, think about who needs to be involved, who needs to be notified, and what you are telling them about the outage or slow down.

Consider your new customer onboarding process. Consider your service/product delivery process, consider every process that your customers interact with. Consider your employees, record keeping, new employees, will your employees be able to deliver services/products? how? How fast will they adapt to the workarounds? – yes, it touches everything.

Finding the right solution is critical to affordability

Next time we will consider costs vs time and if your workarounds fit your budget? Soon we will look at a standard template for the technology parts of this exercise – that’s only part of it. The part we are working through right now is way more important.

If you want to get started quickly and want to work with us, drop us a note, give us a call, and we will work with you and/or your team to get this working for you. We offer several technology solutions from cloud/hybrid to local only and we can help you with the important part, testing the plan.

Share:

More Posts

Send Us A Message