Reliving Their Darkest Days
Top executives from two recent high-profile cyberattack victims relived their darkest days for the benefit of the more than 5,000 in-person and virtual attendees of the Mandiant Cyber Defense Summit, taking the audience through how they first heard of the attack, interactions with their IT department and boards of directors, the biggest lessons learned from the experience, and the role law enforcement played.
Hackers in December 2020 chained together exploits for multiple zero-day vulnerabilities in the legacy Accellion File Transfer Appliance (FTA) product and exfiltrated data, demanding payment to ensure the return and deletion of the data. The data leak site of the Clop ransomware gang was used to publish some of the stolen data to encourage payment of the ransom.
Then in May, a ransomware attack prompted Colonial Pipeline to shut down its 5,500-mile natural gas pipeline for five days, leaving more than 10,000 gas stations across the Southeastern U.S. out of fuel. Colonial Pipeline paid Darkside $4.3 million on May 8 in the hope of restoring operations on its pipeline sooner, although federal officials were able to seize back most of the ransom.
Accellion Chairman and CEO Jonathan Yaron and Colonial Pipeline President and CEO Joe Blount spoke with Mandiant CTO Charles Carmakal about their experience being in the line of fire. From proactively forming relationships with regulators and limiting board updates during an attack to seeking maximum transparency and prioritizing essential systems while restoring, here’s what Yaron and Blount advise.