Case Study: Colonial Pipeline Company achieves faster threat detection and reduced ransomware risk with Lepide

A Lepide Case Study

Preview of the Colonial Pipeline Company Case Study

How Lepide Would Have Helped to Prevent the Colonial Pipeline Attack

Lepide is a data security platform. This theoretical case study outlines how it could have helped in the May 2021 Colonial Pipeline ransomware attack. The real-world incident began when attackers used leaked credentials for an inactive Active Directory/VPN account to exfiltrate data and deploy ransomware, forcing a six-day shutdown, widespread fuel shortages, and a multi-million-dollar ransom. This analysis is hypothetical, and Colonial Pipeline did not participate.

Lepide’s approach would have reduced the AD attack surface by automatically disabling or resetting inactive accounts, used anomaly analysis and real-time alerts to flag unusual logins and activity, and enabled automated responses (for example ending sessions or isolating servers). Comprehensive logging and investigation tools would have clarified the attack’s scope, enabling faster, more targeted containment—potentially minimizing damage, downtime and disruption to critical infrastructure.

