The fact that the Colonial Pipeline is slowly getting back online and replenishing the gas supply in the Southeastern United States does not diminish the financial loss and sense of vulnerability that citizens from Florida to Virginia faced last week, and still face.
The operator of the Colonial Pipeline learned it was in trouble at daybreak on May 7, when an employee found a ransom note from hackers on a control-room computer. By that night, the company's chief executive came to a difficult conclusion: He had to pay.
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: Section 1. Policy. The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people's security and privacy.
Following the ransomware incident impacting Colonial Pipeline operations in May 2021, many parties asked how such a disruption, impacting one of the main arteries delivering refined petroleum products to the Eastern and Southeastern United States, could occur. Based on information available, the intrusion did not directly impact Industrial Control Systems (ICS) within Colonial's environment.
One of the most popular hacking forums on the internet today announced that it would ban ransomware ads. The XSS forum, previously known as DaMaGeLab, has been one of the two major places where ransomware gangs have advertised their services and hired partners to carry out attacks.
The recent ransomware intrusion of a major US gasoline pipeline operator was the work of an affiliate of DarkSide, a ransomware-as-a-service ring that has been responsible for at least 60 known cases of double-extortion so far this year. DarkSide has struck several high-profile victims recently, including companies listed on the NASDAQ stock exchange.
The Colonial Pipeline Cyberattack: The hack underscored how vulnerable government and industry are to even basic assaults on computer networks. For years, government officials and industry executives have run elaborate simulations of a targeted cyberattack on the power grid or gas pipelines in the United States, imagining how the country would respond.
The ransomware attack on Colonial Pipeline has caused a large amount of trouble in the United States. It looks as if that trouble has made its way back to the cybercrime underground.
In an exclusive interview with BBC Moscow correspondent Steve Rosenberg, the head of Russia's Foreign Intelligence Service has denied that his agency was linked to a massive cyber-attack in the US last year. Sergei Naryshkin was responding to accusations from UK and US authorities that Russian intelligence carried out the SolarWinds attack, which was described as the world's most sophisticated hack.
The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. This news was shared by a threat actor known as 'UNKN', the public-facing representative of the rival REvil ransomware gang, in a forum post first discovered by Recorded Future researcher Dmitry Smilyanets on the Exploit hacking forum.