💰💣

Colonial Pipeline Security Incident

7/05/2021 1540 days ago Resolved

Incident Overview

Situation Description

Colonial Pipeline was the victim of a ransomware infection by the DarkSide group, which resulted in approximately 100GB of data being stolen and a ransom payment of nearly $5 million USD.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Energy

Geographic Scope

National (US)

Response Actions

Paid a Ransom Notified Law Enforcement

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$5,000,000 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Operational / System Data

Primary Impacts

Operational Disruption Financial Loss Data Exposure

Key Decisions Made

Colonial Pipeline was the victim of a ransomware infection.; Colonial Pipeline allegedly paid almost $5 million USD to a DarkSide affiliate.; Many criminal forums banned ransomware and ransomware-as-a-service (RaaS) operators ended public communications regarding affiliate and partner recruitment.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

DarkSide CARBON SPIDER

Additional Information

BLOG Featured CrowdStrike Signal Transforms AI-Powered Threat Detection Aug 06, 2025 CrowdStrike Launches New AI Security Services to Strengthen AI Security and SOC Readiness Aug 06, 2025 How CrowdStrike Secures AI Agents Across SaaS Environments Aug 05, 2025 CrowdStrike Tailors Adversary Intelligence to Customer Environments Aug 05, 2025 Recent CrowdStrike Signal Transforms AI-Powered Threat Detection Aug 06, 2025 CrowdStrike Launches New AI Security Services to Strengthen AI Security and SOC Readiness Aug 06, 2025 How CrowdStrike Secures AI Agents Across SaaS Environments Aug 05, 2025 CrowdStrike Tailors Adversary Intelligence to Customer Environments Aug 05, 2025 Video Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019 Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VIDEO] Feb 21, 2019 Analyzing Targeted Intrusions Through the ATT&CK Framework Lens [VIDEO] Jan 22, 2019 Qatars Commercial Bank Chooses CrowdStrike Falcon: A Partnership Based on Trust [VIDEO] Aug 20, 2018 Category Cloud & Application Security Cloud & Application Security Preventing Container Escape Attempts with Falcon Cloud Security's Enhanced Runtime Capabilities 07/22/25 How CrowdStrike Traces Attack Paths to Sensitive Data in the Cloud 06/30/25 CrowdStrike Named a Leader in the 2025 IDC MarketScape for CNAPP 06/25/25 Stopping Cloud Breaches at Machine Speed: How CrowdStrike Uses Agentic AI to Power Cloud Detection and Response 06/16/25 Threat Hunting & Intel Threat Hunting & Intel CrowdStrike Tailors Adversary Intelligence to Customer Environments 08/05/25 CrowdStrike 2025 Threat Hunting Report: AI Becomes a Weapon and a Target 08/04/25 CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries 07/02/25 CrowdStrike Collaborates with U.S. Department of Justice on DanaBot Takedown 05/22/25 Endpoint Security & XDR Endpoint Security & XDR CrowdStrike Signal Transforms AI-Powered Threat Detection 08/06/25 CrowdStrike...

... (truncated for display)

Quick Facts

Company:: Colonial Pipeline
Date:: 7/05/2021
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 28/05/2021

Source Information

Original Query

company "press release" "ransomware incident" remediation steps 2021

View Original Source

Timeline

Information Published

28/05/2021

Incident Occurred

7/05/2021 (1540 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats