Top 3 Energy Industry Cyber Attacks of 2021

The energy industry is the economic lifeline of every economy, from the electricity that powers our traffic systems, hospitals, and water treatment plants to the oil producers that keep our automobiles moving. With so much relying on the industry, there are those who would seek to interrupt service or profit from their work. Today we’re looking at the three most important cyber attacks on the energy industry from 2021:

1. Colonial Pipeline

It’s hard to start anywhere else but with Colonial Pipeline. The ransomware attack was the most disruptive ever on US infrastructure. The Colonial Pipeline supplies around 45 percent of the East Coast’s fuel needs. From Texas to New York, fuel shortages arose overnight. This ransomware attack resulted in a $4.4 million ransom payment made to DarkSide, a significant portion of which the FBI helped recover. Aside from that direct cost, gasoline shortages resulted from panicked motorists queuing up to fill their tanks in light of the news. This attack reminded the general public of the role cybersecurity plays in our everyday lives.

2. Volue ASA

The ransomware attack on Volue ASA occurred just before the Colonial Pipeline attack. In this case, the Norwegian energy company was targeted by Ryuk ransomware. The attack on Volue ASA was interesting in that it focused on encryption of files, databases, and applications only. This stands in contrast to the usual tactic of double extortion. According to Volue, no ransom was paid and operations were restored after some time.

3. COPEL and Eletrobras

For this list, we chose to group these two attacks. COPEL and Eletrobras are state-owned Brazilian utility companies. In February 2021, DarkSide, the same ransomware gang responsible for the Colonial Pipeline attack, extracted 1,000 gigs of data from COPEL’s systems. At the same time, an unidentified ransomware gang struck at Eletrobras. This led to both electricity providers disconnecting from the National Interconnected System, which helps to route electricity throughout the country.

How to avoid joining the companies on this list:

CybelAngel offers multiple tools to reduce the cyber risk from ransomware gangs. Tools like Account Takeover Prevention can help protect a company by locating exposed credentials available on the web so they can be secured or updated before threat actors use them in a cyber attack. Asset Discovery and Monitoring can identify exposed or vulnerable digital assets such as IoT/OT, active and lightweight directories, and remote access protocols that threat actors can exploit to further a cyberattack through brute-forcing, credential stuffing or vulnerability exploitation. Domain Protection is another layer of defense that identifies when threat actors have created a fraudulent domain to collect passwords, logins, or other sensitive information, or to execute malware.