Ransomware is increasingly being used in recent years by cyber criminals around the world to bring big corporations and organisations, including governmental organisations to their knees. Risk management teams must understand the very real IT risks involved with these types of attack and determine solutions to prevent them from happening as best as possible.
Colonial Pipeline Attack
On 7 May 2021, US fuel pipeline Colonial Pipeline shut off all of its systems after it had suffered a major ransomware attack. The result was crippling to US petrol prices, surging to seven-year highs and sparking supply shortages in the Southeastern United States. To date, it remains the single largest cyberattack on an oil infrastructure target in American history.
The attackers demanded payment of 75 Bitcoin (worth approximately $5 million at the time), which was subsequently paid out mere hours after suffering a debilitating systemwide ransomware attack. Upon receipt of the payment, Colonial was sent a software application to restore operability, albeit slowly.
Although President Biden declared a state of emergency in response to the attack, the company was essentially left to fend for itself. To make matters worse, it isn’t yet clear who was behind the attack nor is there any guarantee that such an attack will not happen again to them (or anyone else, for that matter).
Massive Medical Ransomware Attack in Ireland
Days after the Colonial Pipeline cyberattack in May 2021, the Republic of Ireland suffered its worst ever cyberattack through the use of ransomware. The target this time was Ireland’s public health care system, which should speak to the potential gravity of a major ransomware attack. This is not to say that crippling a large part of a major world power’s oil supply is any less shocking, but to shut down a health system has direct life or death consequences.
In response, Ireland’s health service shut down its IT systems and locked hospitals out of their computers, which locked out patient records, appointment bookings, and email systems altogether. The health service has requested assistance from Interpol and other Irish agencies to contain the spread of the ransomware and to investigate further.
If It Can Happen to Them, It Can Happen to Anyone
As IT systems and cybersecurity continues to improve year after year, so too do the tactics of hackers in a never-ending arms race of cyber cat and mouse. All it takes is one wrong click on an email attachment for these types of ransomware to shut down an entire IT system, so the IT risk is massive for any organisation.
This is nothing new, however. In 2017, the NHS in the UK was afflicted with the WannaCry ransomware. Cyber criminals have long been using this type of attack with great success and crippling results.
Consider that by negotiating with the attacker, they will often request payment in cryptocurrency but there is no guarantee that they will honour their end of the bargain. At best, the criminal will delete any data that they have compromised, restore full functionality, and be on their way. But there’s no guarantee that they will uphold their end of the bargain at all, which could mean paying out millions only to be left with a crippled IT system and a massive loss in reputation due to your organisation’s vulnerability.
Risk Wizard UK
Try Risk Wizard today to experience quality risk management software that is functional and built with risk management professionals in mind.