Colonial Pipeline Hack:
A Ransomware Attack
On May 7th, 2021, Colonial Pipeline announced that it had been the victim of a serious cyberattack. In response, the company took its IT systems offline, causing major disruptions to its operations.
In the course of isolating and containing the threat, Colonial Pipeline also halted pipeline operations as a precaution, a decision that quickly led to the service disruption and fuel shortages we are seeing today. Note that the pipeline itself was stopped as part of containment, not because the ransomware was reported to have reached the operational (control) systems.
Below, we explore the Colonial Pipeline hack, addressing what we know so far and what we can expect in the coming days.
Two days after the initial announcement by Colonial Pipeline, company officials confirmed that the cyberattack against the company involved ransomware.
This type of malware encrypts data and keeps users from accessing and controlling their systems. The goal is extortion: the criminals demand a ransom in return for a decryption key that restores the systems and gives the victim control over its data again. Groups such as DarkSide also typically steal data before encrypting it and threaten to publish it if the ransom is not paid, so paying for a decryptor does not by itself make the stolen data safe.
The official statement from Colonial Pipeline made very clear that the company was not going to pay the ransom demanded by the cybercriminals. However, anonymous individuals familiar with the situation told the media that the company had in fact paid almost US$5 million to the hackers within hours of the attack being confirmed, contradicting the message sent to the public.
According to the same sources, US government officials were fully aware of the developments and knew about the payment. The ransom was reportedly paid in cryptocurrency that the sources described as hard to trace, although cryptocurrency payments are recorded on a public ledger and are not necessarily untraceable.
According to the FBI's findings on the hack, the criminals responsible for the attack are linked to the cybercrime group DarkSide, a ransomware-as-a-service operation whose affiliates are known for extortion campaigns that combine file encryption with threats to leak stolen data.
Officials were quick to clarify that while the DarkSide operators are most likely located in Russia and other Eastern European countries, there is no evidence that they are backed by the Russian government.
Curiously enough, a few days after the attack, and while citizens were finding it increasingly difficult to find gas, DarkSide posted on its website that "our goal is to make money and not creating problems for society."
The cybercriminal group went on to apologize for the attack, stressing that its mission is to profit financially from private companies, never to carry out attacks that may have grave consequences for the public (think of attacking hospitals).
Colonial’s Operations and DarkSide’s End
As we write this, Colonial Pipeline is restarting its supply operations. The company transports 2.5 million barrels of refined product a day, including gasoline, diesel, and jet fuel, and is responsible for roughly 45 percent of the East Coast fuel supply.
More surprisingly, DarkSide announced that it was disbanding as a result of a coordinated action against the group. According to the announcement, whose legitimacy US officials have not confirmed, "servers were seized, the money of advertisers and founders was transferred to an unknown account."
Part of the disbanding process reportedly includes releasing decryption tools that would allow victims to regain access to their systems and data, even if they did not pay the ransom.