A ransomware attack that shut down Colonial Pipeline, the East Coast’s main fuel distribution infrastructure, on Saturday showed how vulnerable critical infrastructure is to cyber-attacks.
The company said:
“On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems.”
The company operates 5,500 miles of pipeline in the U.S. that transport over 100 million gallons of fuel from Houston to New York Harbor, making Colonial Pipeline the longest refined-products pipeline in the country.
Mandiant, a division of cybersecurity company FireEye, is said to be helping with the investigation, according to reports from Bloomberg and The Wall Street Journal, with the attack attributed to a ransomware strain named DarkSide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said:
“We are engaged with Colonial and our interagency partners regarding the situation. This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
A Cybereason analysis of DarkSide earlier in April 2021 revealed that the ransomware tends to target English-speaking countries while avoiding entities located in former Soviet bloc countries.
In March, the attackers behind the ransomware moved to an affiliate model: affiliates are recruited to spread the malware by breaching corporate networks, while the core developers maintain the malware and the payment infrastructure.
Since DarkSide began operating in August of 2020, it has published stolen data from more than 40 victims. It is unclear whether Colonial Pipeline has paid the attackers or how much they demanded. A separate Bloomberg report claims the hackers stole 100GB of data from Colonial Pipeline’s network.
Rising Threat of Ransomware
Ransomware has emerged as a leading cyber threat, and a coalition of federal government agencies and private firms has released a series of 48 recommendations intended to help businesses detect and prevent ransomware attacks.
Recent years have seen a dramatic increase in the number of intrusions targeting utilities and critical infrastructure, driven in part by ransomware attacks that not only encrypt victims’ data but also exfiltrate the information beforehand, threatening to make it public if the ransom is not paid.
During the last nine months, the number of U.S. ransomware attacks has nearly tripled to 300, according to data collected by Check Point and provided to The Hacker News.