Ransomware Preparedness – Two Years After Colonial Pipeline Attack, U.S. Critical Infrastructure Still Not Prepared for Ransomware

It’s been two years since the ransomware attack on the Colonial Pipeline, which many observers view as a watershed moment in cybersecurity. While many positive strides have been made since the attack, which CISA details in a recent blog post, other analysts argue the threat from ransomware is still growing and impacting critical infrastructure organizations.

Since the attack there have been multiple initiatives at the federal level to strengthen the resilience of critical infrastructure. CISA recognized that organizations needed a simple way to access actionable and timely cybersecurity information, and so it developed stopransomware.gov to provide a central location for alerts and guidance for businesses and individuals. CISA also launched the Joint Ransomware Task Force with the FBI to orchestrate the federal government’s response to ransomware and established the Joint Cyber Defense Collaborative (JCDC). Despite these positive developments, ransomware continues to plague organizations. Last year, 870 of the 2,385 ransomware complaints that the FBI received involved critical infrastructure organizations. The FBI’s data revealed that 14 of the 16 designated critical infrastructure sectors had at least one ransomware victim in 2022.

Consequently, many security experts believe more can be done. Theresa Payton, CEO at Fortalice Solutions and a former CIO at the Executive Office of the President at the White House, believes “Critical infrastructure organizations like Colonial Pipeline should adopt zero-trust principles to prevent ransomware attacks, especially as social engineering becomes more realistic, sophisticated, persistent, and complex.” Another expert argues that the government should make it costlier for threat actors by dismantling their online criminal infrastructure.

Additionally, a recent report from the Ransomware Task Force indicates that organizations have made impressive progress in implementing its 48 recommendations. Specifically, the report found increasing public-private and government-to-government collaboration on disruptive activity, increased information sharing, and efforts to reduce some of the risks associated with cryptocurrencies. Nevertheless, a factor that could complicate efforts to tackle the ransomware threat is the continued tendency by victims to either delay reporting an incident or refraining from reporting it at all, which hurts not only the victim but also impacts other organizations defending against similar threats. We are all in this together and reporting your incident could potentially help another organization from suffering a similar fate. Read more at CISA or at DarkReading.