Major US fuel pipeline taken down by ransomware attack

Ransomware
(Image credit: Shutterstock)

A major ransomware attack has severely impacted fuel deliveries across the US East Coast by shutting down one of the country’s largest pipelines. 

The Colonial Pipeline was completely knocked offline reportedly by the DarkSide ransomware group late last week, with experts saying that fuel prices are likely to rise 2-3% this week, with the impact set to be far worse if the pipeline isn’t restarted soon.

Cybersecurity experts from Cybereason have been tracking the DarkSide ransomware gang since it first appeared in August 2020. According to their research, the group has recently released a new version of its ransomware that it claims has the fastest encryption speed, which gives victims little time to take action once their network is infected.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Double-extortion

Cybereason CEO Lior Div told TechRadar Pro that, like many other ransomware gangs, DarkSide uses a double-extortion scheme, in which they don’t just encrypt the victim’s data, but also exfiltrate it and threaten to make it public if the ransom demand is not paid.

In the Colonial pipeline attack, the group reportedly took almost 100GB of data hostage, which they threatened to leak onto the internet if the ransom isn’t paid.

While it isn’t clear how much ransom DarkSide has demanded from Colonial, Cybereason says their demands usually range between $200,000 to $2,000,000. The group is known to follow through with its threats and has published stolen data from more than 40 victims on its website, which Cybereason estimates to be just a fraction of the overall number of victims.

Stefan Schachinger, Product Manager, Network Security, IoT, OT, ICS at Barracuda believes that Colonial has been attacked through an insecure remote access

“Remote accesses are not insecure per definition but require proper security measures such as encryption and multifactor authentication. Organizations should also implement a layered defence strategy, with multiple technical hurdles that keep attackers and malicious software out,” he told TechRadar Pro.

representational image of a cloud firewall

(Image credit: Pixabay)

The attack has put the spotlight on the threat to operational technology (OT) in civil infrastructure, amplified by the use of outdated or poorly protected software, as it the latest in a string of recent cyber attacks on utilities. 

A few months ago, an unsophisticated attacker managed to break through into a water treatment utility in the city of Oldsmar, Florida, still running on the outdated Windows 7 PCs.

“The SolarWinds and Microsoft Exchange email server attacks were unparalleled in their scope, successfully infiltrating and compromising virtually every US government agency and a wide array of medium and large private sector companies. The Colonial Pipeline attack reinforces the need to update legacy systems running today’s critical infrastructure networks,” Div added.

Via The Guardian

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.