The ransomware threat reaches new heights. On May 7, the computer systems of Colonial Pipeline Company were infected with ransomware. The American company, which operates a large network of oil pipelines and refineries in the southeastern United States, was forced to halt its operations, and with them the delivery of liquid fuels (diesel, gasoline, fuel oil, kerosene). Colonial Pipeline’s pipelines transport more than 2.5 million barrels per day, which represents 45% of the liquid fuel consumption of the East Coast of the United States.
The company commissioned cybersecurity experts from FireEye Mandiant to assess the nature and impact of this attack. Some secondary pipelines have already been restored, but the main network is still shut down for the moment. According to Bloomberg, the malicious code belongs to the relatively new “DarkSide” group. According to Cybereason’s analysis, DarkSide was first detected in August 2020. It primarily targets English-speaking countries, while carefully avoiding countries of the former Soviet bloc.
The amount of ransom demanded from Colonial Pipeline is not known. But even if the company manages to restart all of its systems without a hitch, it will remain under threat of having sensitive data published. According to Bloomberg, the hackers managed to exfiltrate more than 100 GB of data.
Sources: Bloomberg, Cybereason, Colonial Pipeline