What Important Lessons Can Be Learned from the Ransomware Attacks on Colonial Pipeline & JBS?


The massive gas shortages caused by the ransomware attack on Colonial Pipeline have gone away, but the rise in gas prices is still being felt around the country. When Colonial Pipeline was hit with ransomware on May 7th, the pipeline that supplies 45% of the East Coast’s gas, diesel, and other petroleum-based products was shut down for nearly a week. As a result, the national price for a gallon of gasoline rose to over $3.00, a level it hadn’t reached since 2014.

Then, while that attack was still in the news headlines, another major ransomware attack hit JBS, the world’s largest meat producer. The company’s facilities in both the U.S. and Australia were impacted, and they were shut down and at a standstill for several days. This caused worries about the impact the attack would have on the U.S. and global food supply.

Both attacks illustrate the devastating effects of ransomware and why it’s been growing in volume and cost. Additionally, both companies paid the attackers’ ransom demands: Colonial Pipeline paid a reported $4.4 million and JBS paid $11 million in ransom. Ransomware has become one of the most dangerous threats to a company’s operations. Therefore, it’s vital to ensure that cybersecurity efforts include multiple safeguards that do two important things:

  1. Reduce the risk of a ransomware infection happening; and
  2. Provide for a fast recovery should a successful attack occur.

Ransomware remediation costs have more than doubled in the last 12 months from $761,106 to $1.85 million. One ransomware attack can shut companies down completely, and due to how fast ransomware spreads, remediation can be complicated. Therefore, there are several lessons to be learned from these recent high-profile attacks that you can use to reduce your risk of becoming a victim of ransomware.

Takeaways to Strengthen Your IT Security Posture

All Your Logins Should be Using Multi-Factor Authentication (MFA)

The hackers who infected Colonial Pipeline’s system with ransomware got in through an unprotected VPN account. In Senate testimony, Colonial Pipeline’s CEO said that the hackers used a virtual private network account that was not intended to be in use. The account did not have multi-factor authentication protecting it; thus hackers were able to crack the password to breach the account, and through that, the network. MFA is one of the best safeguards you can have in place for all your cloud and web application accounts. It’s 99.9% effective at stopping account compromise because the hacker typically won’t have access to the device that receives the MFA code. That one simple tactic could’ve potentially prevented this pipeline disaster.

It’s Vital to Have a Practiced Backup & Recovery System In Place

In both of these high-profile cases, the hackers won in the sense that they scored millions of dollars in ransom. Why did Colonial and JBS pay the ransom? They both cited the need to get operations back up and running quickly to mitigate the impact on their customers. Unfortunately, far too many companies pay the ransom to attackers, which is what’s caused ransomware to grow rapidly over the last few years. 56% of victims pay the ransom demand to ransomware attackers.

Even companies that have a backup will pay the ransom if the backup takes too long to restore and they think paying the ransom will get operations back up and running sooner. Companies that want to avoid being in that situation need to have a managed backup in place for all their business data on all devices. That backup should also have a fast recovery process and that process should be practiced at least a few times a year so your team is ready should an attack occur.

Ransomware Has Far-Reaching Impacts, Making Prevention Crucial

The Colonial Pipeline and JBS attacks may seem miles away from your own company in terms of size and impact. However, every business has employees, customers, and vendors that are impacted when a company is shut down. Additionally, the costs of ransomware to small businesses don’t just include the immediate downtime and the costs to remove the malware and restore systems. They also include the long-term loss of trust and business reputation that results in lost sales and opportunities. It’s crucial to make the prevention of ransomware and other cyberattacks a top priority and put a solid IT security strategy in place that includes safeguards such as:

  • Next-gen firewall
  • Managed Antivirus/anti-malware
  • DNS filtering
  • Email spam/phishing filtering
  • Zero-trust tactics like application safe listing and ring-fencing
  • Multi-factor authentication
  • Network security and VPN for remote staff
  • Patch and update management
  • Cloud & mobile device security 
  • Account access monitoring 

Request an IT Security Audit Today to Ensure You’re Protected

Copperband Technologies can help your southern Kentucky or Middle Tennessee business ensure you’re not a sitting duck for a ransomware attacker. We can do a full IT security audit to let you know where you stand. Contact us today to schedule a consultation! Call 931.263.8000 or email us.