Colonial Pipeline is recovering from a ransomware cyberattack. With any attack that has this level of visibility, there are a ton of assumptions and people leaping to conclusions…especially around attribution.
We don’t have a lot of information about the attack. That’s completely normal at this stage.
The team at Colonial Pipeline is working through their incident response process. Attribution doesn’t happen until the later stages of that process (if ever!), but a critical step is “containment.”
That’s what prompted the pipeline closure and—while difficult—it’s good that they took that step to reduce any potential damage.
Ransomware very often tries to encrypt any and all systems it can reach. Stopping the spread most likely saved the team an even bigger headache down the line.
Learn more in this short…