The FBI and CISA are warning about DarkSide ransomware attacks. Unless you've been under a rock the past few days, you're aware of the Colonial Pipeline cyber attack. You may not know all the specifics, but what you do know is that ransomware was involved and the pipeline is now shut down. It's a mess. And the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have identified the DarkSide ransomware group as being responsible.
DarkSide is a Russian-speaking ransomware-as-a-service group believed to operate out of Russia. Although state-sponsored attacks are prevalent, this group has not been linked to the Russian government. They've been extremely active as of late, targeting large American companies for big payouts. Colonial Pipeline isn't the first and won't be the last.
About the FBI & CISA Darkside Ransomware Warning
What We Know
I don't think there are absolutes we can state just yet about what we know of the Colonial Pipeline hack. What we do know is what the next steps are for other businesses. CISA and the FBI released a joint advisory (AA21-131A) with mitigations and best practices.
Let's be honest: these are steps that, if you're concerned about cybersecurity, you should already be employing across your environment. But the fact that ransomware gangs are still able to get in means prevention is still woefully lacking. And prevention is going to be your saving grace against the kind of attacks, like DarkSide ransomware, that the FBI and CISA are warning about.
As we can see from the after-effects of the Colonial Pipeline shutdown, detection and response alone aren't the answer. While parts of the pipeline can be run under manual control, the system is just too large to be fully operational without its IT systems online. So while they make sure their systems are clean and the incident is contained, their operations stay offline. Wouldn't it have been better to prevent the attack in the first place?
Best Practices Against The FBI & CISA Darkside Ransomware Warning
Many of the recommendations are steps we should already be taking. Have you patched your software and trained your employees to spot phishing? Are you using application allowlisting (also known as application whitelisting) so that only approved executables can run? Do you control which hosts expose RDP, to whom, and with what authentication? Do you have a product that combines patch management and RDP monitoring with its own patented application allowlisting technology?
If you didn't answer "yes" to each of those, I have to ask why. Ransomware attacks are getting worse. Detection and response cannot be your only line of defense. The answer is prevention, backed by common-sense practices for backups and quick recovery. Paying better attention to preventative technology might have avoided the shutdown of a pipeline that carries roughly 45% of the East Coast's fuel supply. And, to me, that's a pretty big deal.
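The RDP question above is the one most organizations cannot answer from memory. The following is an added example, not code from the original post, from PC Matic, or from the CISA/FBI advisory: a PowerShell audit that reports whether a Windows host has RDP enabled, whether Network Level Authentication is required, which inbound firewall rules expose it and to what addresses, and whether anything is actually listening, with an optional hardening function. The function names and the `10.0.0.0/8` management subnet are this example's own assumptions; run it in an elevated session.

```powershell
# Added example (not from the PC Matic post or the CISA/FBI advisory): audit a Windows
# host's RDP exposure and, optionally, harden it. Run in an elevated PowerShell session.
# Function names and the management subnet below are this example's own assumptions.

function Get-RdpPosture {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 1 means RDP is disabled at the OS level.
    $denyTs = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required, so an
    # attacker must present valid credentials before ever reaching the logon screen.
    $nla    = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication
    # PortNumber is 3389 unless someone moved it; moving it is not a control.
    $port   = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber

    # Enabled inbound rules in the built-in "Remote Desktop" group, with their remote-address scope.
    $openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress
            }
        }

    # Is anything actually listening on the RDP port right now?
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RdpEnabled       = ($denyTs -eq 0)
        NlaRequired      = ($nla -eq 1)
        Port             = $port
        Listening        = $listening
        # A rule scoped to "Any" remote address is the finding that matters most.
        OpenToAnyAddress = [bool]($openRules | Where-Object { $_.RemoteAddress -contains 'Any' })
        InboundRules     = $openRules
    }
}

function Set-RdpHardening {
    param(
        [switch]$DisableRdp,
        [string[]]$AllowedSources = @('10.0.0.0/8')   # assumed management subnet; replace with yours
    )
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

    if ($DisableRdp) {
        # Hosts that do not need RDP should not offer it at all.
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        return
    }
    # Otherwise require NLA and restrict the inbound rules to the management subnet only.
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $AllowedSources
}

$posture = Get-RdpPosture
$posture | Format-List
if ($posture.RdpEnabled -and $posture.OpenToAnyAddress) {
    Write-Warning 'RDP is reachable from any address; restrict it with Set-RdpHardening or disable it.'
}
```

Run `Get-RdpPosture` across your fleet (for example through `Invoke-Command`) before touching anything; the combination `RdpEnabled = True`, `NlaRequired = False`, `OpenToAnyAddress = True` on a host with a public-facing profile is exactly the exposure ransomware affiliates buy access to. Restricting the firewall rule to a management subnet and requiring NLA does not replace MFA on the gateway in front of RDP, but it removes the host from the set that can be brute-forced directly.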
Cyber defense solutions for federal agencies and enterprises built on application allowlisting exist. Want more information on PC Matic's preventative approach for government agencies and businesses? Let's talk.