The Colonial Pipeline ransomware hack has a lot of people concerned about security. If a large company responsible for something as important as transporting gasoline and jet fuel across the United States can be hacked, that means a smaller website doesn’t stand a chance of being secure, right? Let’s take a look at common security vulnerabilities and what you can do to prevent them on your site.
What happened to the Colonial Pipeline?
On Thursday, May 6, a hacking group called DarkSide downloaded over 100 GB of data from the Colonial Pipeline company network and then shut down the company’s internal access to it. This act of hacking, known as a ransomware attack, threatens to hold a computer or network ransom — unless you pay up, you won’t be able to access your data anymore. And in a sort of double attack, DarkSide also threatened to release the data to the public unless the company paid. Ultimately, the company did pay a fee close to $5 million, and the company was again able to access its network on Wednesday, May 12.
In a twist of irony, DarkSide now claims to have been attacked and says it will cease operations as a result. Of course, there’s no way to verify this claim, and DarkSide could easily resume operations later, even under a different name.
But ultimately, the question most website owners want to know is this: Could DarkSide — or another similar entity — come after me?
How likely is ransomware on a WordPress site?
What happened to the Colonial Pipeline is on a different scale than most websites. First, the Colonial Pipeline operates its own network, and it was the network that was attacked, not a website. The Colonial Pipeline stored sensitive data on these servers and was thus an appealing target for hackers. And beyond that, hacking a network involves a completely different process than hacking a website. These hacks happen for completely different reasons, and the types of people who attacked the pipeline have little interest in hacking a personal or small business website.
How can you be so sure? Consider that DarkSide profited $5 million off the pipeline hack. What would your small business do if your site was held ransom with a $5 million bounty? Probably shut down the site and start over, because that’s a lot cheaper than paying $5 million.
A WordPress website is primarily vulnerable to two types of hacking — malware and brute force attacks. We’ve covered these in greater detail before and provided some simple steps to take to protect yourself against each. Ultimately, if you keep your website’s themes and plugins updated, you’re much less vulnerable to malware, and if you select a strong password that you don’t use on any other website, you’re pretty well-protected against brute force attacks. As we detail in our 4 security tips, you can also use a security plugin like WordFence or iThemes Security to make your site even safer.
