Colonial Pipeline: Fuel Pipeline Operator
On May 6, 2021, a major Russian hacking gang successfully mounted a ransomware attack on major US fuel transporter Colonial Pipeline. The company is the operator of the largest fuel pipeline in the US, moving fuel into states on the Eastern seaboard and transporting more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor. Founded in 1962 and headquartered in Alpharetta, Georgia, privately held Colonial Pipeline provides roughly 45% of the East Coast’s fuel, including gasoline, diesel, home heating oil, jet fuel and military supplies.
The point of entry for the gang was reportedly a single compromised employee password. Using that stolen password, the DarkSide affiliate slipped inside Colonial Pipeline’s admittedly lax digital security and delivered their cargo, DarkSide’s proprietary ransomware, to encrypt Colonial Pipeline’s systems and data. A little more than one week after the initial intrusion, an employee starting their day’s work in the Colonial Pipeline central control room saw a ransom note demanding cryptocurrency pop up on their computer and called in their supervisor. Then the race began for Colonial Pipeline as they tried to outpace the infection to preserve their systems and data. After shutting down the pipeline to try to mitigate the damage and prevent the hackers from penetrating further, Colonial had to scramble to bring in experts to help. The company purportedly paid a ransom of 75 bitcoin, or $4.4 million. In addition, the gang stole an estimated 100 gigabytes of data that had the potential to be highly sensitive. Shortly after this attack, DarkSide went dark for good.
Read a complete breakdown of the attack timeline with more details: https://www.graphus.ai/blog/diary-of-a-ransomware-attack-inside-the-colonial-pipeline-incident/
Key Takeaway: Cyberattacks against infrastructure targets have become a hot topic, and companies that own and operate them should be cognizant of their elevated risk.