Colonial Pipeline Hack: What do we know so far?

Daily updates on the ransomware cyber-attack on the Colonial Pipeline – the network that transports almost half of the East Coast’s fuel supplies.  

Monday 10th May 2021:

The U.S government is working closely with Colonial in order to secure the network and tackle ‘one of the most disruptive digital ransom schemes ever reported’.  

Colonial Pipeline is a crucial supplier to major U.S airports, including Hartsfield Jackson Airport in Atlanta: one of the world’s busiest passenger airports. If the pipeline is not up and running soon, experts have warned that regional fuel supplies could be impacted. 

“A one-to-two-day outage is really a minor inconvenience,” said Andrew Lipow, president of Lipow Oil Associates. But by day four or five, he said, “we could see a much greater widespread impact through large areas throughout the mid-Atlantic and the southeast.” 

Although the investigation is still in a preliminary stage, several sources have confirmed that one of the suspected groups behind the attack is a known cybercriminal group called DarkSide.

The group has been tracked by cybersecurity experts, who said that DarkSide appears to include seasoned veteran cybercriminals who are focused on extracting as much money as they possibly can from their targets.

“They’re very new but they’re very organized,” Lior Div, the chief executive of Boston-based security firm Cybereason, said on Sunday 9th May. “It looks like someone who’s been there, done that.” 

DarkSide executes a nuanced operation with a highly targeted approach, with a mailing list, a press center, a victim hotline, and even a supposed code of conduct.

Although the group is known to put out press releases and even promises registered journalists responses “within 24 hours”, it has remained uncharacteristically silent.

Tuesday 11th May 2021:

The FBI has confirmed that the cybercriminal group DarkSide is behind the attack. According to Anne Neuberger, Deputy National Security Adviser for Cyber & Emerging Technologies, the FBI has been investigating the group since October 2020.

Gas stations across the Southeast are beginning to report outages of fuel. According to data gathered by GasBuddy this morning, approximately 7% of Virginia, 3% of Georgia, 2% of Florida and 5% of North Carolina gas stations have run out of fuel.

Gas prices have been steadily rising due to the anticipated shortages. The current price at gas pumps has jumped 6 cents to $2.96, an average that hasn’t been seen in the U.S since November 2014.

Colonial Pipeline’s operations team is currently “executing a plan that involves an incremental process that will facilitate a return to service in a phased approach” and aims to restore service by the end of the week.

In an address at the White House on Monday evening, Joe Biden stated: “So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia.” He also added: “They have some responsibility to deal with this”, and will be meeting with Vladimir Putin in due course.

Wednesday 12th May 2021:

DarkSide have released a statement in which they stated that the hack was entirely financially motivated, and that they regret causing problems for society:

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.

Our goal is to make money, and not creating problems for society.
From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

However, the societal consequences persist as motorists in a long queue to refuel in Knightdale, North Carolina broke out into a confrontation earlier today.

A video sweeping the internet captured the altercation; it shows a woman who attempted to jump the queue being denied entrance by another driver.

The woman proceeded to get out of her vehicle and spit on the male driver who refused to let her through, resulting in the pair entering an altercation, in which the male driver’s shirt was torn.

North Carolina, Virginia and Florida have declared a state of emergency, prompting many drivers in the South East to stock up as gas stations began to run dry and prices began to rise.

U.S. Energy Secretary Jennifer Granholm said there was no need to hoard gas:

“It’s not that we have a gasoline shortage, it’s that we have this supply crunch, and things will be back to normal soon,” Granholm said to reporters. “We are asking people not to hoard” fuel.

Thursday 13th May 2021:

Colonial Pipeline resumed operations yesterday evening at approximately 5 pm Eastern time. Petroleum supplies have begun to be restored across the South East, although it may take “several days for the product delivery supply chain to return to normal.”

The pipeline previously transported almost 50% of the fuel used on the East Coast; Colonial has warned that some of its markets could experience “intermittent service interruptions during the start-up period.”

DarkSide have now targeted three other organisations within the last 48 hours, and have shared the details of the targets on their Dark Web site, DarkSide Leads.

The targeted organisations are a construction company in Scotland, a reseller of renewable energy products in Brazil, and a U.S-based technology services reseller. All of the hacks involved DarkSide taking hundreds of gigabytes of information from the companies, which would have likely gone unnoticed had it not been for the notoriety the group gained from shutting down Colonial Pipeline.

Copyright Lyonsdown Limited 2021
