💰💣

Colonial Pipeline Security Incident

7/05/2021 1540 days ago Resolved

Incident Overview

Situation Description

Colonial Pipeline took down parts of its IT infrastructure on May 7, 2021, in response to a ransomware attack by the DarkSide criminal group.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Energy

Geographic Scope

National (US)

Response Actions

Took Systems or Services Offline Managed Public Narrative & Crisis Communications

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

N/A

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

Colonial Pipeline took down parts of their IT infrastructure in the wake of a ransomware attack.; The FBI confirmed the criminal group responsible is leveraging the DarkSide RaaS.; DarkSide group rents out their ransomware platform to other groups who conduct infiltration and attacks.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

DarkSide

Additional Information

Colonial Pipeline and the Economics of Ransomware Admin ReliaQuest 13 May 2021 ReliaQuest Colonial Pipeline and DarkSide Ransomware On Friday, May 7, Colonial Pipeline took down parts of their IT infrastructure in the wake of a ransomware attack. The pipeline supplies 45% of the U.S. East Coasts gas, diesel and jet fuel. The FBI confirmed on Monday that the criminal group responsible is leveraging the DarkSide RaaS (Ransomware-as-a-Service). The DarkSide group which has built the ransomware software and hosts the infrastructure rents out their platform to other groups who conduct the actual infiltration and attacks. DarkSide is an interesting group as they have a code of conduct which implies, they will not attack hospitals, schools, and government organizations. The group also builds customized executables for each company targeted, so it is unclear if they were aware, they were targeting the pipeline, however they issued a press release stating they will vet targets in the future. Moving forward relying on the benevolence of malware authors is not a sound security strategy and no industry or organization is safe from ransomware. Last month ReliaQuest provided our customers with a threat advisory report regarding ransomware which included an outline of key behaviors to monitor for ransomware. As ransomware is increasingly customized for specific organizations, and the infrastructure constantly changes, relying on IoCs alone can be a challenge and multiple layered preventative and response controls should be deployed. ReliaQuests Threat Management Team continues to monitor the threat posed by DarkSide and other ransomware families and continuously updates our Intel and Detect capabilities within the GreyMatter platform , ensuring our customers have the most up-to-date coverage. Ransomware Costs More Than the Ransom The Colonial Pipeline ransomware case reveals that the cost of ransomware goes well beyond just the ransom demanded, even as these ransom demands...

... (truncated for display)

Quick Facts

Company:: Colonial Pipeline
Date:: 7/05/2021
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 13/05/2021

Source Information

Original Query

"Colonial Pipeline" ransomware attack response "crisis communications"

View Original Source

Timeline

Information Published

13/05/2021

Incident Occurred

7/05/2021 (1540 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats