Colonial Pipeline Hack: What We Know So Far


Colonial Pipeline Hack: A Ransomware Attack

On May 7th, Colonial Pipeline announced that it had been the victim of a serious cyberattack. The incident forced the company to shut down its entire network, leading to major disruptions in its operations.

In attempting to isolate and contain the threat, Colonial Pipeline was also forced to halt pipeline operations, a scenario that quickly led to the service disruption and fuel shortage we are seeing today.

In the following lines, we will explore the Colonial Pipeline hack, addressing what we know so far and what we can expect in the upcoming days.

The Hit

Two days after the initial announcement by Colonial Pipeline, company officials confirmed that the cyberattack on the company involved ransomware.

This type of malware encrypts data and keeps users from fully accessing and controlling their devices. The goal is extortion: the attackers demand a ransom in return for restoring the victim's systems to normal and handing back control over their data.

The official statement from Colonial Pipeline made it very clear that the company was not going to pay the ransom demanded by the cybercriminals. However, anonymous individuals familiar with the situation leaked to the media that the company had, in fact, paid almost US$5 million to the hackers within hours after the attack was confirmed, contradicting the message sent to the public.

According to the same sources, US government officials were fully aware of the developments and knew about the payment. The ransom was paid in a highly obscure cryptocurrency that will be hard to trace.

DarkSide’s Apology

According to the FBI’s findings on the hack, the criminals responsible for the attack are linked to the cybercrime group DarkSide, which is known for its extortion and blackmailing operations online.

Officials were swift to clarify that while the DarkSide operatives are most likely located in Russia and other Eastern European countries, they are not backed by the Russian government.

Curiously enough, a few days after the attack, while citizens were finding it increasingly difficult to find gas, DarkSide posted on its website that “our goal is to make money and not creating problems for society.”

The cybercriminal group went on to apologize for the attack, emphasizing that its mission is to profit financially from private companies, never to carry out attacks that may have grave consequences for society (think of attacking hospitals).

Colonial’s Operations and DarkSide’s End

As we write this, Colonial Pipeline is restarting its supply operations. The company transports 2.5 million barrels of refined product a day, including gasoline, diesel, and jet fuel, and is responsible for over 45 percent of the east coast fuel supply.

More shocking still, DarkSide announced that it was disbanding as a result of a coordinated attack against the group. According to the announcement, whose legitimacy US officials are still questioning, “servers were seized, the money of advertisers and founders was transferred to an unknown account.”

Part of the disbanding process includes releasing the decryption tools that would allow victims to regain access to their systems and data, even if they didn’t pay the ransom.

Looking for solutions against ransomware and other cyber attacks?

Julie's specialists are ready to help you discover the best cybersecurity solution for your business.