Cybersecurity Lessons from the Colonial Pipeline Attack

There has been a ton of news coverage about the recent cybersecurity breach of the Colonial Pipeline, which has caused significant gas shortages on the east coast. While it has not been restored, as the writing of this article, the way it was accomplished sets up a dangerous narrative. This attack has also set off bigger infrastructural changes in political spaces.

Let’s take a deep look at the situation to see what insights we can take away from this event.

The Colonial Pipeline Situation

A ransomware infection in the Colonial Pipeline systems was first noticed on May 7th. This prompted the fuel supplier to halt its pipeline operation on the southeast coast, in hopes that the malware would not spread any further. The attack was by a group called Darkside, who used a new method of attack called double extortion, which is where the cybercriminal locks data and threatens to leak it in order to get the victim to pay.

Darkside usually operates a cybercriminal service provider, in which they develop threats that other groups can use. 

When Colonial Pipeline halted its operations, it led to a part of the country suffering from a gas shortage. This led to hours waiting at the pumps and lack of gasoline. Even though they stated they would not be paying the almost $5 million in cryptocurrency the hackers demanded, it has been reported that they finally did so. 

This situation highlights a few serious concerns that need to be addressed by businesses everywhere. This also reveals a few things about the current state of cybersecurity in critical infrastructures.

Ransomware-as-a-Service is a Serious Threat

Darkside has become a prominent cybercriminal business in its short life, only seven months of existence, in which they’ve made at least $60 million. While the affiliate hackers retain most of the ransom fees, Darkside gets a cut because they handle a lot of the work. Darkside writes the ransomware, bills the targeted victims, hosts the data that has been stolen and serves as an IT and PR team for the cybercriminals.

Double Extortion Makes Ransomware Even Worse

Even though Colonial Pipeline had their data in a backup, they still had to pay the ransom fee. This is because the double extortion method was used. Instead of their data simply being deleted if it was not paid, they were also threatening to leak all of the data if they did not pay. This could have had huge repercussions and serious consequences. We obviously don’t recommend ransomware demands being paid out, but we understand why Colonial Pipeline did what they did to get out of this situation. 

Events Like These Will inspire Cybersecurity Improvements

U.S. President Joe Biden signed an executive order to boost cybersecurity protections, especially those surrounding critical infrastructures for the government and private sector companies of our nation. This created a task force committed to prosecuting hackers that use ransomware, and the removal of any barriers in contracts of reporting breaches. 

Cybersecurity is so important, and it won’t ever get any easier for businesses of any size. You should always take the proper security precautions to protect your business To learn more about security solutions available to you, give MyTek a call today at 623-312-2440.

Table of Contents


Our goal is to reinvent the managed IT experience for growing Arizona businesses through a partnership with no long-term commitments, technology options that are flexible to meet your needs and infrastructure and strategy that position your technology as a competitive advantage.

Download Our Price Sheet