Ransomware attack on Colonial Pipeline
Colonial Pipeline Company, one of the major gas providers on the American East Coast, discovered that it was under a cybersecurity attack that affected its IT systems. The company had to proactively take other systems offline, including pipeline operations, to contain the threat. In the company’s words, these actions “temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.”
The FBI confirmed that the attack was carried out with ransomware created by the cybercrime group DarkSide. This group is known to provide ransomware as a service to its clients. CNBC reported that DarkSide develops and sells ransomware software to other criminals, who then carry out attacks.
Later, DarkSide also acknowledged its involvement in the incident, although it had not known that Colonial Pipeline would become a victim or that the attack would physically affect gas supplies. ‘From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future <…> We do not participate in geopolitics, do not need to tie us with a defined government and look for… our motives,’ the group said in its post on the dark web.
Colonial’s CEO confirmed on May 19 having authorized a payment of $4.1 million in ransom to DarkSide.