Posted on May 9, 2021 at 2:45 PM
Colonial Pipeline hackers got away with almost 100GB of data within two hours. The ransomware attack happened on May 7.
After a heavy impact caused by a ransomware attack on Friday, Colonial Pipeline will be shutting down its operations. Colonial Pipeline is a leading US pipeline firm that supplies fuel to almost half of the US East Coast.
The hack was one of the most severe in the US energy sector. It raised alarm over the vulnerability of the sector’s IT infrastructure. The threat actors belonged to a hacking group known as ‘DarkSide.’ They made away with 100GB of personal data from the firm and threatened to leak the data to the internet. The hackers also encrypted the company’s data and demanded a ransom to unlock it.
Colonial Pipeline is now looking at a possible shutdown after the attack. If this happens, gasoline prices will increase ahead of the active summer season when gasoline’s demand is at its peak. Disruption in fuel prices will affect US consumers and the economy.
Colonial Pipeline has not released official details of the investigation. Earlier, the company announced that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
On Friday, the company shut down operations in the East Coast pipeline and did not reveal when the pipeline would resume operations. The amount of ransom demanded by hackers has not been shared with the public. However, because of the size of the pipeline, the amount could be significantly high. Most companies use insurance compensation to pay for such ransoms.
US Government’s Investigations on the attack
The US is conducting preliminary investigations on the matter. The results show that a hacking group known as ‘DarkSide’ is responsible for the attack. FireEye (FEYE.O), a cybersecurity firm, has been deployed to investigate the matter.
The FBI has claimed that the details of the attackers are still unknown. The US president, Joe Biden, was briefed on the matter, and a spokesperson of the White House stated that the government was working towards helping Colonial reopen its operations.
The efforts being made by the relevant authorities on the matter are with the focus of ensuring that the energy sector does not suffer major disruptions.
The US Department of Energy also stated that it was closely monitoring the impact of the hack on the country’s energy supply. The executive assistant director at the CISA stated, “We are engaged with the company and our interagency partners regarding the situation. This underscores the threat that ransomware poses to organizations regardless of size or sector,”
Increased Ransomware attacks in the US
It is not the first time the energy sector is being affected by cyber-attacks. In 2020, an unknown natural gas compressor company was shut down for two days. In 2018, the operations of various natural gas pipeline firms were interrupted after their third-party communications provider was hacked.
The Washington police department was also a victim of a ransomware attack. Hackers stole information on police informants and threatened to release the details to criminal gangs. Scripps Health, a medical institution based in San Diego, was also a victim of the same after patient records were distorted. The Attorney General’s office of Illinois is looking to strengthen its cybersecurity practices after vulnerabilities were detected.