Superior Plus Ransomware Attack: Propane Distributor Recovery Updates
Superior Plus, a propane distributor with over 780,000 customer locations in the United States and Canada, experienced a ransomware attack on Dec. 12, 2021, the company disclosed. Superior Plus temporarily disabled certain computer systems and applications as it investigates the incident.
At this time, Superior has no evidence that the safety or security of customer or other personal data has been compromised, the company said. Superior has secured its systems to mitigate the ransomware attack’s impact on its business’ data and operations.
In addition, Superior has retained independent cybersecurity experts as part of its ransomware attack incident response, the company indicated. Superior also is working with its customers and partners to remediate the situation.
It’s unclear whether the ransomware attack was related to the Log4j vulnerability that MSSPs and cybersecurity professionals have been racing to mitigate in December 2021.
Are Cybercriminals Increasingly Targeting Critical Infrastructure Providers?
The Superior ransomware attack comes after cybercriminals have increasingly targeted energy, health, manufacturing and other critical infrastructure providers in 2021.
In Canada, 235 ransomware attacks were reported between Jan. 1, 2021 and Nov. 16, 2021, according to a Centre for Cyber Security cyber threat bulletin. More than half of these attacks were launched against critical infrastructure providers.
Moreover, ransomware operators will likely become more aggressive in their targeting of critical infrastructure providers and other organizations, the Centre indicated. They also may demand significant ransoms.
Tips to Protect Against Ransomware Attacks
To mitigate the risk of ransomware attacks, the FBI and CISA say MSSPs and MSPs should take these seven steps:
- require multi-factor authentication (MFA);
- implement network segmentation;
- scan for vulnerabilities and keep software updated;
- remove unnecessary applications and apply controls — and be sure to investigate any unauthorized software, particularly remote desktop or remote monitoring and management software;
- implement endpoint and detection response tools;
- limit access to resources over the network, especially by restricting RDP; and
- secure user accounts.
How MSPs and MSSPs Can Respond to and Recover From Ransomware Attacks
If a ransomware incident occurs, then the CISA, FBI and NSA recommend the following four actions:
- Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
- Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
- Report incidents immediately to CISA at https://us-cert.cisa.gov/report, a local FBI Field Office, or U.S. Secret Service Field Office.
- Apply incident response best practices found in the joint Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom.