Following last week’s ransomware attack, restoring the operations of the Colonial Pipeline is now an all-hands-on-deck challenge, with state and federal governments jumping in to find ways to manage the shortage, according to ongoing statements on the company’s website.

Deputy Secretary of the Department of Energy David Turk issued a video update on the actions the government is taking to handle the crisis, and encouraged citizens to refrain from panic-buying and flocking to the pumps. Instead, he highlighted three actions his department was taking to handle the matter:

  1. Maintaining constant and continuing contact with Colonial Pipeline to help them get up and running to full restoration
  2. Working with all U.S. government agencies, such as the Department of Transportation, the Environmental Protection Agency, the Department of Homeland Security and the FBI
  3. Keeping all decision-makers updated with the latest information to mitigate supply challenges

Turk assured citizens that the pipeline would be back in service soon, but his message did not mention the ransomware attack on Colonial. He did, however, encourage citizens to report incidents of price-gouging to their state attorney general.

Government agencies like the Cybersecurity & Infrastructure Security Agency (CISA) have also been responding to this attack. In a statement to the press, Executive Assistant Director for Cybersecurity Eric Goldstein said:

“We are engaged with the company and our interagency partners regarding the situation. This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

The Federal Bureau of Investigation has also issued brief statements on the Colonial Pipeline ransomware attack, stating on May 10 that it had found the DarkSide ransomware group to be responsible for the compromise of the pipeline’s networks.

This was followed up with a CISA/FBI joint statement, which offered a list of mitigation steps to prevent similar attacks in other vulnerable organizations. These steps include:

  1. Require multi-factor authentication
  2. Enable strong spam filters to prevent phishing emails from reaching end users
  3. Implement a user training program and simulated attacks for spearphishing
  4. Filter network traffic
  5. Update software
  6. Limit access to resources over networks, especially by restricting RDP
  7. Set antivirus/antimalware programs to conduct regular scans of IT network assets
  8. Implement unauthorized execution prevention by disabling macro scripts from Microsoft Office files, implementing application allowlisting, monitoring/blocking inbound connections from Tor exit nodes and other anonymization services, and deploying signatures to detect/block inbound connections from Cobalt Strike servers

Actions from the White House include an aggressive executive order as part of a series of executive actions that indicate the dire need for improved cybersecurity. The order seeks to “identify, deter, protect against, detect, and respond to” the various cyberattacks that are reaching both the public and private sectors.
