Colonial Pipeline’s Ransomware Attack is a Cautionary Tale

Last week’s cyber attack on Colonial Pipeline should be a cautionary tale for any organization where the business involves critical infrastructure and this includes utilities, hospitals, school systems and municipal governments.

For anyone working in IT, it should be obvious by now that the days of keeping bad actors off networks are over.  The ransomware organizations are smart, well-funded and highly motivated; they will get in if they really want to.  If these attacks are inevitable, it is incumbent on organizations to plan for how to do a fast and secure recovery.   Colonial took almost a week to restore systems causing panicked consumer gasoline purchases that only increased prices at the pump.  Does anyone think that is acceptable?

There are two issues with traditional ransomware recovery that need to be re-examined. 

  • Most organizations rely on the snapshot capability in their virtualization platform or backup system to restore servers.  Experts have now seen ransomware lurk on systems for months, looking for valuable information, before it does anything.  Rolling back in time to find clean snapshots or backup images will unacceptably extend recovery time.  
  • Most workstations have no protections, they are not backed up since there is no data there and there are no snapshots.  If the organization has an imaging server ready to go, it can take days or weeks to reimage hundreds of endpoints.  Once all the systems are reimaged, departmental applications and license keys must still be located and installed on the appropriate machines, extending the total recovery time.


Raxco’s InstantRecovery is a software solution that restores the operating system (OS) and applications on any Windows platform in the time it takes to reboot.  InstantRecovery is designed to restore exactly what was on a single machine, or thousands of machines, in just minutes.

For critical infrastructure organizations, InstantRecovery means operations can resume almost immediately, minimizing the risks of a prolonged outage.  For non-infrastructure businesses, InstantRecovery means a smooth resumption of normal business activity with minimal disruption to customers or vendors.  InstantRecovery might even let you get lower cybersecurity insurance premiums, which are going up almost 50% this year.

Do not be the next Colonial Pipeline story in the news.  InstantRecovery saves time, money and reputations.

Category: InstantRecoveryPC ProtectionransomwareSystem AdministrationSystem Recovery