Digital Forensics, Global News, Legal

Gas Shortage Due to Colonial Pipeline Ransomware Breach

14 maj 2021

On May 7, 2021, Colonial Pipeline, the largest U.S. pipeline system for refined oil products, was hit by a ransomware attack that forced the company to shut down its entire fuel distribution pipeline.

This most recent ransomware breach of Colonial Pipeline demonstrates that it isn't a question of if you will be impacted by a cyber event, but rather when it will happen. Even the largest and presumably best-protected organizations can become victims of advanced, persistent threats. Over the years, many organizations have become more familiar with the requirements of security and incident response to bring their company back into an operating state. But what about after that? How do you defend the company against further action by customers or regulatory agencies?

A key component to the continued efforts of bringing the organization back to a true pre-loss condition is managing the investigation in a way that any exposed data can be used as evidence in a court of law. Cyber forensics experts, experienced in the preservation and analysis of data, are required to work alongside cybersecurity professionals during the remediation of a cyber breach event to ensure all evidence is preserved and analyzed, and to inform corporate officers and counsel of any data exposure that may have happened as a result of the breach.

The Importance of Cyber Forensics

The need for a forensic review is especially important, as it is becoming more common for threat actors to take data out of an organization during a ransomware event. Not only does this data exfiltration increase the likelihood of an organization paying ransom to keep the data from being sold or published on the dark web, but it also greatly increases the likelihood that sensitive data has been exposed, which can trigger litigation or compliance requirements even after the event itself has been remediated.

Following an attack, cyber forensics experts work with the organization, counsel, IT, and security professionals to establish streamlined preservation efforts while the event is being remediated. These cyber experts seek to understand the types and sensitivity of the data that may have been exposed, which allows them to assess the level of compromise within the organization and identify the specific events and data that were exposed to the threat actor.

In many cases, forensic analysis can assist in reducing the number of systems that are of concern to counsel because no evidence can be found on that system of data accessed by the threat actors. An analysis can also help to reduce notification lists or compliance violations by confirming the exact data that was exposed.

Cyber forensics can help bring certainty to a challenging situation through expert preservation and analysis of computing systems and environment. By helping organizations and counsel understand the extent of compromise and any data exposure in such a way that it can stand up to scrutiny in a court of law, they can feel confident that they are making the best decisions possible after a security breach event.

Har din virksomhed været udsat for skade?

Vores eksperter kan hjælpe dig!

Hvordan kan vi hjælpe dig?

Vi har eksperter i mange tekniske discipliner fordelt over hele verden. Kontakt os, så vi kan finde den rigtige ekspert til opgaven.

 Envista Forensics Logo
Udforsk vores hjemmeside

Vores job er at løse komplekse udfordringer for vores kunder ved skadehændelser. Vi servicerer virksomhedsejere, små som store og uanset, hvor det er henne i verden og uagtet af, hvilket problem de står overfor.