💰💣

Bitdefender Security Incident

11/01/2021 1421 days ago Resolved

Incident Overview

Situation Description

Bitdefender announced a breakthrough in identifying a flaw in the DarkSide ransomware, which was used to freeze computer networks of numerous businesses in the US and Europe.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Critical Infrastructure

Geographic Scope

Global

Response Actions

Shared Threat Intelligence

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$4,400,000 USD

Records Affected

Data Types Compromised

Operational / System Data

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

Bitdefender decided to publish its decryption tool to help victims who might not otherwise find assistance.; Bitdefender was not aware of earlier successes in unlocking files infected by DarkSide when it decided to publish its tool.; Bitdefender recognized that DarkSide might correct the flaw but believed attackers would learn about decryptors anyway, even if made available silently.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

DarkSide

Vulnerability / Tool

DarkSide ransomware flaw

Additional Information

On January 11, antivirus company Bitdefender said it was happy to announce a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the US and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers. But Bitdefender wasnt the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie , had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that new companies have nothing to hope for. Special thanks to BitDefender for helping fix our issues, DarkSide said. This will make us even better. DarkSide soon proved it wasnt bluffing, unleashing a string of attacks. This month, it paralyzed the Colonial Pipeline Co., prompting a shutdown of the 5,500-mile pipeline that carries 45% of the fuel used on the East Coastquickly followed by a rise in gasoline prices, panic buying of gas across the Southeast, and closures of thousands of gas stations. Absent Bitdefenders announcement, its possible that the crisis might have been contained, and that Colonial might have quietly restored its system with Wosar and Gillespies decryption tool. Instead, Colonial paid DarkSide $4.4 million in Bitcoin for a key to unlock its files. I will admit that I wasnt comfortable seeing money go out the door to people like this, CEO Joseph Blount told the Wall Street Journal. The missed opportunity was part of a broader pattern of botched or half-hearted responses to the growing menace of ransomware, which during the pandemic has disabled businesses, schools, hospitals, and government agencies across the country. The incident also...

... (truncated for display)

Quick Facts

Company:: Bitdefender
Date:: 11/01/2021
Status:: Resolved
Decision Maker:: Bogdan Botezatu
Position:: director of threat research
Published:: 11/01/2021

Source Information

Original Query

Colonial Pipeline stock price impact and long-term recovery post DarkSide attack

View Original Source

Timeline

Information Published

11/01/2021

Incident Occurred

11/01/2021 (1421 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats