BicDroid | News | 2021 Solution for REvil Ransomware Attacks

News | 2021 BicDroid Provides a Solution for Ransomware Attacks on Colonial Pipeline

Colonial Pipeline Ransomware Attack: What Are Other Pipeline and Gas Companies Doing Better?

May 16, 2021

Waterloo, ON - The shutdown of all Colonial Pipeline's facilities on May 7, 2021 had an immediate effect on consumers and businesses across US Eastern and Southern states. Colonial Pipeline supplies over 45% of the fuel to these states. Within hours, real concern began to grow about the availability of fuel and other petroleum products over the coming days and weeks. As gas stations began to run out of gasoline, price spikes began squeezing consumers' pocketbooks immediately. With no supply, the number of closed gas stations soon reached 16,000!

The culprit for this unprecedented pipeline shutdown was the ransomware gang DarkSide, with a demand of millions of dollars to be paid in Bitcoin. After several days, Colonial Pipeline quietly paid DarkSide the 75 Bitcoin ransom (approximately 4.4 million USD). But this was not the immediate end of the situation. While smaller pipelines that were not infected began to be reactivated, the computers whose files had been encrypted by the ransomware still needed to be decrypted. The decryption tools provided by the gang worked very slowly, causing the recovery to drag on for days. Colonial Pipeline began employing alternate methods to try to speed up the recovery. By May 15, 2021, over a week after the attack, the pipeline reported that all of its systems were back online.

Clearly, Colonial Pipeline's security was not enough. The cyber-protection implemented at Colonial Pipeline was bypassed by the gang, who had likely operated within the network for weeks before launching the ransom demand. Traditional protections such as firewalls, anti-virus scans, and network scans all fell short. If more advanced security software like BicDroid's QDocSE had been installed, then the protected data could not have been encrypted by the gang and Colonial Pipeline could have continued operating. Other pipeline and critical infrastructure companies, such as those in Shanghai and other regions, recognized this earlier and better prepared their cyber-response playbooks by using QDocSE to protect critical data.

Adopting the data-centric security model, QDocSE focuses on protecting data in real time within a dynamic threat environment. When QDocSE is installed and configured, ransomware gangs cannot gain control of the data. Even if a gang breaks into a system with full administrative privileges, the gang will not get access to the data. This means the data cannot be copied off the system (exfiltrated), and it cannot be encrypted with keys the gang controls. By establishing an end-to-end, seamless, cryptographically secure chain that enhances the operating system's security, QDocSE regulates which programs can access your most important data: malware installed by the gang is not authorized to access it. Furthermore, authorized programs and the libraries they use are carefully monitored by QDocSE to ensure malware is not injected. The configuration of QDocSE cannot be changed by an invading gang, meaning they also cannot bypass QDocSE's security.

"With millions or even tens of millions of dollars at stake, these gangs are going to work hard to break into your systems. It is not a question of if, but when, they break in," says Professor Yang, BicDroid's CEO. "Our data-centric security model design centers around protecting data even when the system has been compromised. This same design protects data against malicious insiders too."

More details are available here, where a trial of QDocSE can be arranged.

Additional comments and/or quotes about QDocSE, ransomware or other computer security topics can be made available upon submitting a request to