💰💣

Colonial Pipeline Security Incident

8/05/2021 1509 days ago Resolved

Incident Overview

Situation Description

Colonial Pipeline experienced a ransomware attack by the DarkSide group on May 8, 2021, forcing the shutdown of its operations.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Energy

Geographic Scope

National (US)

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Restored Systems from Secure Backups

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Operational / System Data

Primary Impacts

Operational Disruption Financial Loss Reputational Damage

Key Decisions Made

Colonial Pipeline proactively cut off business system networks to prevent the spread of malware to operational industrial control systems (ICS).; Colonial Pipeline suspended all pipeline operations until they were sure that no ICS networks were compromised.; Operations will slowly be brought back online with hope of full operations by the end of the week.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

DarkSide

Additional Information

Colonial Oil Pipeline Hack Confirmed to be DarkSide The FBI confirmed on 10 May 2021 that the oil pipeline ransomware attack on 8 May 2021 against Colonial Pipeline was conducted by the Darkside ransomware group. The Darkside Group claimed responsibility for the attack on their website and offered a statement of remorse. Colonial Pipeline is the largest oil product pipeline operator in the United States, and the attack forced shutdown of all their operations. To avoid greater impact, the company has proactively cut off business system networks to prevent spread of the malware to operational industrial control systems (ICS). Colonial then suspended all pipeline operations until they are sure that no ICS networks are compromised. Operations will slowly be brought back online with hope of full operations by the end of the week. According to BBC news , the criminal group planted malware on the target system in order to demand a ransom, hijacked nearly 100GB of the company's data, and threatened that if the payment is not made, the data will be leaked to the Internet. Image Source Wired: https://www.wired.com/story/colonial-pipeline-ransomware-attack/ What is Darkside Ransomware? Sangfor reported on the DarkSide ransomware group as early as September 2020. The DarkSide group is one of the leading providers of ransomware as a service (RaaS). In recent years, the criminal activities of the ransomware group have grown rapidly, and the victims are often unwilling to take the risk of not paying the high ransom. This actually helped the DarkSide group to become a more professional and customer service-oriented organization. They even provide a help desk with a call-in phone number for victims. DarkSides website has a section called DarkSide Leaks where the hackers have posted the private data of over 40 victims that they have stolen from. And although the ransomware group is developing a professional demeanor, they still carry out double extortion, where the hackers...

... (truncated for display)

Quick Facts

Company:: Colonial Pipeline
Date:: 8/05/2021
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 10/05/2021

Source Information

Original Query

Colonial Pipeline stock price impact and long-term recovery post DarkSide attack

View Original Source

Timeline

Information Published

10/05/2021

Incident Occurred

8/05/2021 (1509 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats