
Darkside Ransom

Updated: Jul 30, 2021


Colonial Pipeline Outage

https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption


Earliest News

Sources told Bloomberg News that the attackers stole nearly 100 gigabytes of data from Colonial's network on Thursday, May 6, 2021, before demanding a ransom.


Colonial Pipeline shut down its entire pipeline network on May 7, 2021 in response to the ransomware attack.




Colonial Pipeline Offline


Colonial Pipeline restarted operations on May 12 and took several days to ramp up, returning to normal operations on or around May 15. DarkSide was reported to have demanded roughly $5M. Colonial's CEO later confirmed that the company paid about $4.4 million (75 bitcoin) shortly after the attack, and in June 2021 the U.S. Department of Justice announced it had seized the majority of that bitcoin back from the wallet used by the attackers.


https://www.cnn.com/2021/05/15/politics/colonial-pipeline-returns-normal-operations/index.html


How did the Colonial Pipeline ransomware attack happen?


There are few concrete details on how the cyberattack took place, and that is unlikely to change until Colonial Pipeline and the third-party incident response firm it brought in have completed their analysis of the incident.

What is known is that a ransomware outbreak attributed to the DarkSide group struck Colonial Pipeline's networks.


At the time of Colonial's first statements the initial access vector had not been disclosed, and coverage speculated about the usual possibilities: an old, unpatched vulnerability in an exposed system; a phishing email that fooled an employee; credentials purchased or leaked elsewhere; or any of the other tactics criminals use to get into a corporate network. In June 2021 Colonial's CEO and its incident response firm disclosed that the attackers logged in through a legacy VPN account using a compromised password; the account was no longer in active use and was not protected by multi-factor authentication.

It should be noted that the ransomware hit Colonial's business (IT) network rather than its operational technology; Colonial itself halted pipeline operations as a precaution to contain the intrusion. That implies the intent was financial rather than an attempt to sabotage the pipeline.


The company said it "proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems."


Colonial Pipeline's update, published on Monday, May 10, said that remediation is ongoing and each system is being worked on in an "incremental approach."


"This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week," the company added.


In a further update, Colonial Pipeline said that one line is operating under manual control while supplies of gas are "available."


"While our main lines continue to be offline, some smaller lateral lines between terminals and delivery points are now operational as well. We continue to evaluate product inventory in storage tanks at our facilities and others along our system and are working with our shippers to move this product to terminals for local delivery."


For this or any other cybersecurity concerns, please feel free to reach out to us via Get Started.
