A Review of Colonial Pipeline Ransomware Attack

John Beerman, David Berent, Zach Falter, S. Bhunia
Published in: 2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW)
Publication date: 2023-05-01
DOI: 10.1109/CCGridW59191.2023.00017 (https://doi.org/10.1109/CCGridW59191.2023.00017)
Citations: 1

Abstract

In April 2021, a ransomware attack occurred on Colonial Pipeline. The details of this attack point to the hacking group DarkSide taking advantage of design flaws in the Colonial Pipeline network. After extensive research, the specifics of this attack were found to relate to VPN access through an unused account. In order to regain control of its systems, Colonial Pipeline paid the attackers. This act has only created an incentive for similar attacks across the nation. The events of this attack have impacted both the United States, where the company is located, and the world in a very negative way. This paper analyzes the attack using published data and provides a detailed attack methodology. From the attack methodology, the focus then shifts to the impacts that an attack of this caliber had on the company, the United States, and the world. We then outline possible defense strategies against this type of ransomware attack, analyzing what could have been done to prevent this attack from happening. In addition, we detail how companies can prevent future attacks of this caliber. Finally, we wrap up our findings and detail the key takeaways of the entire attack.