fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Colonial Pipeline Restores Operations, $5 Million Ransom Demanded

Colonial Pipeline Restores Operations, $5 Million Ransom Demanded

Colonial Pipeline has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today.

The company has already brought much of the pipeline system online and is currently delivering refined petroleum products to most of the markets it services.

Quick restoration

Colonial Pipeline manages the largest pipeline system in the U.S., supplying almost half of all the fuel consumed on the East Coast.

The decision to shut down its infrastructure as a precaution after the ransomware attack was followed by the U.S. Department of Transportation’s Federal Motor Carrier Safety Administration (FMCSA) declaring a state of emergency in 18 states.

According to multiple media reports, the shortage caused by Colonial Pipeline suspending product delivery led to an increase in gas prices.

Given this context, the company was under considerable pressure to restart activity and announced today that it “made substantial progress in safely restarting our pipeline system.”

The map below shows in green the segments that are currently operational. Parts of the network that should be operational today are marked with blue lines.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Colonial Pipeline system restoration map

Colonial Pipeline learned of the cyberattack on May 7th, less than a week ago. It was soon confirmed that it was a ransomware attack from the DarkSide cybercriminal gang created by former affiliates of other ransomware operations that wanted their own operation.

Considering the experience of the attackers, the size of the company, and its importance in the U.S., restoring operations this quick would suggest that Colonial Pipeline paid the attackers for the decryption key and to not leak stolen data.

Ransom payment unclear

Multiple media publications on Wednesday, citing people familiar with the matter, reported that the company had no plan to pay the ransom, albeit Colonial Pipeline did not communicate its official position on this.

However, Bloomberg today reports that Colonial Pipeline paid the hackers almost $5 million in cryptocurrency to get a decryption key and restore its systems. Because the tool was too slow, the company used its backups to restore the systems.

While this move would explain the fast restoration of operations, CNN informs that Colonial Pipeline’s quick recovery was possible after retrieving “the most important data” from intermediary servers in the U.S. that the attackers used to store stolen info.

After getting the data back, the company could have also used its backup system to restore the systems and resume pipeline operations without paying the ransom.

Without important files in hand that could negatively impact the company, the hackers may never leak any data from Colonial Pipeline.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

Update [May 13, 16:53 EST]: Colonial Pipeline has updated its annoucement today confirming that its entire pipeline system is currently operational and that product is being delivered to all its markets:

Colonial Pipeline’s entire system now operational

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us