Search results
People also ask
Did a ransomware attack affect Colonial Pipeline?
What was the Colonial Pipeline attack?
How did the government react to the Colonial Pipeline attack?
What happened to Colonial Pipeline?
May 7, 2023 · On May 7, 2021, a ransomware attack on Colonial Pipeline captured headlines around the world with pictures of snaking lines of cars at gas stations across the eastern seaboard and panicked Americans filling bags with fuel, fearful of not being able to get to work or get their kids to school.
Apr 26, 2022 · The attackers stole 100 gigabytes of data within a two-hour window. Following the data theft, the attackers infected the Colonial Pipeline IT network with ransomware that affected many computer systems, including billing and accounting. Colonial Pipeline shut down the pipeline to prevent the ransomware from spreading.
- Sean Michael Kerner
- 3 min
Jun 7, 2022 · The cyberattack on Colonial Pipeline highlighted the fragility of our interconnected world and the consequences cyberattacks have on our daily lives, says Davis McCarthy, principal...
- Attack on Colonial Pipeline
- The Villains
- The Ransom
- Who Won
- Victims
- The Money
- What Now?
- Appendix I – Indicators of Compromise
During the period from May 7 to 12, fuel transportation over the Colonial Pipeline, the largest pipeline system for refined oil products in the US, was suspended. The cause of this was a cyberattack involving DarkSide ransomware. Colonial Pipelineis one of the largest pipeline operators in the United States. The company delivers about 45% of fuel f...
The impact of the attack was so severe that DarkSide developers published a statement on their website on May 10 to the effect that ‘third-party’ operators, rather than them, were responsible for the attack. The DarkSide threat actor used the Ransomware-as-a-Service (RaaS) scheme, under which the developers of the ransomware maintained and develope...
On May 12, CNN reported on its website, citing sources familiar with the matter, that the attackers had demanded a ransom of nearly $5 million from the victim company. However, according to one more trusted source of CNN, Colonial Pipeline, with help from the authorities, managed to retrieve stolen data that the attackers had not yet moved from int...
Once again it has turned out that information security issues are relevant to villains, too. The successful (though, it turns out, not that brilliant) operation which involved stealing data, doing encryption and receiving ransom from Colonial Pipeline was not the end of the story. On May 14, DarkSide developers announced that they had lost access t...
DarkSide first appeared on the radar in August 2020. According to DarkTracer, data of 99 victim companies has been leaked to the darkweb. Specifically, DarkSide was implicated in attacks on large energy companies. For example, in February 2021 the group targetedEletronuclear (a nuclear energy division of the Brazilian giant Eletrobras) and Copel (t...
On May 18, Elliptic, the company that identified the Bitcoin wallet used by DarkSide to receive the ransom payment from Colonial Pipeline, publishedinteresting data based on its blockchain transaction analysis. Elliptic experts did not limit their research to an analysis of one wallet – they analyzed all wallets used by DarkSide in the past nine mo...
The attack on a company that is part of the US critical infrastructure and the shutdown of the DarkSide service forced following the attack could affect the situation in the ransomware market as a whole: the story was too high-profile and the attack’s consequences were too severe – both for the victim company and for the attackers.
Infrastructure
Domain – IP – First seen – ASN More indicators are available for subscribers of Kaspersky Threat Intelligenceservice.
May 12, 2021 · May 11, 2021. On May 8, 2021, the Colonial Pipeline Company announced that it had halted its pipeline operations due to a ransomware attack, disrupting critical supplies of gasoline and other refined products throughout the East Coast. This attack was similar to an earlier pipeline ransomware attack in 2020, which also resulted in a pipeline ...
May 10, 2021 · Washington CNN — One of the largest US fuel pipelines remained largely paralyzed Monday after a ransomware cyberattack forced the temporary shutdown of all operations late last week – an incident...
On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain ...
