The “ransomware pandemic” has struck again – this time crippling the United States’ largest fuel pipeline. On Friday, May 7th, Colonial Pipeline shut down operations after discovering a ransomware attack. Colonial Pipeline operates a 5,500-mile Texas-to-New York conduit that carries 45% of the East Coast’s fuel supply – 100 million gallons of petroleum, diesel, and jet fuel per month.
The hacking group Darkside took responsibility for the attack, issuing a press release on its website suggesting that one of its partners was behind it. Additionally, after an initial investigation, the FBI announced it had found Darkside to be behind the attack; however, the investigation is ongoing due to the involvement of ransomware and the level of sophistication.
Darkside has an interesting history. The hacking group announced its existence in August 2020 and has a very public presence online, including a phone number and help desk to facilitate negotiations. They also claim not to attack medical, education, or government targets – only large corporations – and that they donate a portion of what they extort to charity. Darkside has advertised stolen documents from more than 80 organizations as part of the double extortion trend, in which attackers infiltrate an organization, encrypt its files with ransomware, and threaten to publish the stolen information.
Once Colonial Pipeline discovered the attack, they shut down operations of their pipeline. In a statement issued Monday, they said they are dedicating resources to “restoring pipeline operations quickly and safely” by the end of the week. They also said, “segments of our pipeline are being brought back online in a step-wise fashion, in compliance with relevant federal regulations and in close conversations with the Department of Energy, which is leading and coordinating the Federal Government’s response.”
This is one of many ransomware attacks in recent months that have made major headlines. Since 2016, more than 4,000 ransomware attacks have occurred daily, and 1 in 3,000 emails that pass through filters contains malware. The average attack costs organizations more than $750,000, and the average downtime due to a ransomware attack is 19 days. These types of attacks are avoidable with the right cybersecurity technology and training in place. At StoredTech, we can help protect your business and customers from all threats.