💰💣

Colonial Pipeline Security Incident

May 12th, 2021 1594 days ago Resolved

Incident Overview

Situation Description

The Colonial Pipeline experienced a ransomware attack on its corporate IT network, leading to a temporary halt in production on the Operational Technology (OT) network.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Energy

Geographic Scope

National (US)

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Restored Systems from Secure Backups

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

Operational / System Data

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

Colonial decided to suspend operations and investigate the extent of the data breach to avoid encryption of critical control systems.; Operations were restarted on Wednesday, May 12th, with a return to normal service expected over several days.; The company's OT network was taken down as a precaution, which contributed to a quicker restoration of operations compared to other recent incidents.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

Darkside

Additional Information

The Colonial Pipeline Attack: Lesson Learned? Cybersecurity May 14, 2021 By Rebecca Spoont Ransomware attacks against critical infrastructure have become more prevalent than ever before. So much so that the Biden administration has declared them a national security threat . The sophistication and frequency of these security breaches have grown significantly, causing vulnerability disclosures to increase at a staggering rate: 25% year-over-year. Critical manufacturing, energy, and water make up for many of those disclosures. As these industries become more dependent on digital technologies, this trend will onlyworsen unlessorganizationsheed the warningechoed by the Colonial Pipelinebreach. To help people better understand what to take away from the Colonial Pipelineattack ,wevecompiled a series of questions that manyorganizationshave askedin the weeks following theinitialbreach. What happened , and who is behind the attack? According to reports, it appears that there was a ransomware attack on the corporate IT network that caused operators to temporarily halt production on the Operational Technology (OT) network. Due to the increased number of dependencies between business and operations networks, it has become challenging to isolate systems, even though it is considered best practices. Colonial decided the safest approach was to suspend operations and investigate the extent of the data breach to avoid encryption of critical control systems. The attack has been attributed toa Russian cybercriminal group called Darkside . They are a relative newcomeramongransomware gangsandemploya RobinHood - stylestrategy of stealing from the rich to give to the poor.On their website , they claim they willnot target hospitals, hospices, schools, universities, non-profit organizations, or the government sector. In fact, Darksidesoughtto play downanyintentionthat they wereattemptingto take down criticalinfrastructure . We are apolitical, we do not participate in geopolitics, do...

... (truncated for display)

Quick Facts

Company:: Colonial Pipeline
Date:: May 12th, 2021
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 14/05/2021

Source Information

Original Query

Colonial Pipeline stock price impact and long-term recovery post DarkSide attack

View Original Source

Timeline

Information Published

14/05/2021

Incident Occurred

May 12th, 2021 (1594 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats