Current State of Ransomware Attacks on Energy
The increased dependence on digital communication, automation, and technology within major industries has raised the risk of cyber threats to vital industries, particularly the energy sector. With gas and oil fueling many aspects of daily life, protecting these major infrastructures is critical to avoiding the negative consequences such cyber-attacks would bring to a nation's economy.
The energy sector is increasingly becoming a major focus of criminal ransomware groups and nation-state threat actors seeking financial or geopolitical gain. Over time, ransomware attacks have only grown in destructiveness, effectiveness, and complexity, making it more difficult for major infrastructure operators to protect themselves across their expanding digital landscape. As gas and oil companies continue to seek higher productivity and lower costs through the implementation of artificial intelligence (AI) and automation, they must also address the cyber threats that come along with these changes.
Recent Major Attacks on Energy
Colonial Pipeline
When most people think of major ransomware attacks on energy, they recall the attack of May 2021, in which the major U.S. gas and oil pipeline operator Colonial Pipeline was hit with ransomware and forced to pay roughly $5 million to the attackers. For the gas and oil giant that supplies more than half of the East Coast’s petroleum, this meant shutting down its pipelines from Texas to New Jersey, causing a spike in gas prices and leaving airlines with difficulties fueling planes.
Volue ASA
Just days after the ransomware attack on Colonial Pipeline, the Norwegian energy technology and infrastructure supplier Volue Tech was attacked by threat actors. The cybercriminals used a ransomware family called ‘Ryuk’, which is known to target only entities with annual revenues of $500 million or more. According to CWD, the attack on Volue disrupted front-end customer platforms by encrypting data and rendering it unreadable for over 2,000 customers. The attack ultimately forced Volue to shut down applications providing infrastructure to water facilities in Norway.
Port of Houston
In August 2021, the Port of Houston, a critical piece of the U.S. Gulf Coast supply chain, successfully defended itself against a cyber-attack. According to officials, the attack was attributed to suspected ‘nation-state’ hackers. By following its facility security plan, as guided by the Maritime Transportation Security Act, Port Houston was able to defend itself successfully, and released a statement saying that “no operational data or systems were impacted.”
Germany Oiltanking/Mabanaft & Amsterdam-Rotterdam-Antwerp (ARA)
More recently, in February 2022, two major European oil refining hubs, Amsterdam-Rotterdam-Antwerp (ARA) in the Netherlands and German Oiltanking/Mabanaft, were struck with ransomware, which considerably disrupted a total of 17 different refinery terminals and inhibited the loading and unloading of products. Refined products had to be diverted to other ports in the meantime, stifling the flow of critical energy resources throughout northern Europe.
Impact of Attacks
These attacks on critical infrastructure have the potential to disrupt the foundational support of current economies and the functioning of societies. On the other hand, these attacks have sparked a conversation on cybersecurity within critical infrastructure and have pushed governments to act. For example, following the Colonial Pipeline attack, U.S. President Joe Biden signed an executive order to strengthen cybersecurity across the federal government and critical infrastructure. From here, mitigating cybersecurity threats within critical industries is left to the top executives and board members of organizations, who must implement guidelines, follow regulations, and actively pursue the cyber protection of their organization.
Prevention
To guide senior leaders, the World Economic Forum’s Cyber Resilience in the Oil and Gas Community developed the following guiding principles to help industry leaders and CISOs work towards securing their critical infrastructure.
- Establish a comprehensive cybersecurity governance model
- Promote a security- and resilience-by-design culture
- Increase the visibility of third parties’ risk posture and consider broader ecosystem impact
- Implement holistic risk management and defense mechanisms with effective preventive, monitoring, response, and recovery capabilities
- Prepare and test a resilience plan based on a list of predefined scenarios to mitigate the impact of an attack
- Strengthen international public-private collaboration between all stakeholders in the industry
Need help with response and monitoring as stated in the guidelines above? AgileBlue is here to help.
AgileBlue is a SOC|XDR-as-a-Service platform that is proven to detect cyber threats faster and more accurately across your entire digital infrastructure and cloud. We provide 24/7 monitoring, threat detection, cloud-based SIEM, and response to identify a breach before it occurs.