We tend to think of cyberattacks in terms of companies, but sometimes they can happen to much larger corporations, affecting an entire nation. This is the case with the Colonial Pipeline ransomware attack – the FBI has determined the attackers of one of the largest U.S. fuel pipelines is the
Colonial Pipeline Ransomware Attack
The Colonial Pipeline transports more than 100 million gallons of gasoline and other fuels on any given day from Texas to New York. The ransomware attack shut down all operations at the pipeline last week.
The attack took place amidst concerns that American infrastructure is in a vulnerable position. The current U.S. administration began tightening up cybersecurity in the country’s power grid just last month. This was after the SolarWinds breach and the Microsoft Exchange Server hack.
While the administration has said that it’s ready and “standing by” to assist Colonial Pipeline, it also noted its role in doing so would be limited because the pipeline is a private company.
Russian Group Darkside Responsible for Attack
The FBI has determined that a Russian group, “Darkside,” is behind the Colonial Pipeline ransomware cyberattack. The Darkside group posted a notice on the dark web that it was not acting on behalf of a foreign government. It added that its motivation was “only to make money.”
According to Recorded Future senior security architect Allan Liska, the threat group is relatively new to ransomware operations. Though the group has been in operation for less than a year, he said, “they’re fairly aggressive” and have “grown very quickly.”
Darkside has joined the “ransomware as a service” trend. Liska explained they “rent out their infrastructure to other bad guys.” He further explained, “You pay a fee to join their service. And then the main threat actor gets a cut of every successful ransomware payment that you make.”
Recovering from the Ransomware Attack
Last month, the U.S. Justice Department said that last year was “the worst year to date for ransomware attacks.” Experts see a trend of the attacks happening more frequently.
Because the Colonial Pipeline is a significant provider of diesel, gasoline, and jet fuel, it’s assumed the ransomware attack by Darkside could have consequences for the economy. RBC Capital Markets said, “the supply shock could leave the region with widespread fuel shortages.”
Colonial Pipeline started working on a restart plan the weekend following the attack. It was able to resume some operations. It hopes service will be completely restored by the end of the week.