On May 7, 2021, the US fuel company Colonial Pipeline suffered a major ransomware attack. The attack shut down the country’s largest fuel pipeline, which carries around 45 percent of the fuel consumed on the US east coast and in the southern states.
Homeland Security advisor Elizabeth Sherwood-Randall said that the company shut down its networks as a precautionary measure following the attack. She said that while the attackers broke into the company’s business (IT) network, the operational systems that control the physical movement of fuel were not affected.
While all four of the company’s main lines remain offline, the company is racing to find alternative means of moving fuel. This may involve water and ground transport, but neither comes close to matching the pipeline’s capacity.
Colonial Pipeline is actively trying to solve the issue and hopes to resume operations within a week of the attack.
Who is behind the pipeline hack?
The FBI has confirmed that DarkSide ransomware, operated by a Russia-based group of the same name, was used in the attack. DarkSide is a relatively new but highly organized collective made up of veteran hackers. It claims that its only goal is profit and that it has no political intentions.
The group has also stated that it tries not to hurt businesses and avoids disrupting healthcare and other critical infrastructure. The fact that it does not target countries in the former Soviet bloc suggests a political angle, but some sources claim that causing a disruption of this scale was a miscalculation on this occasion.
DarkSide runs a ransomware-as-a-service (RaaS) business: it develops the ransomware, provides it to affiliates who carry out the intrusions, and takes a cut of any ransom paid.
The hacker group is also known for its so-called “professional” operation – it has its own ethics code, mailing list, PR strategy, press center, and victim hotline.
Inside the hack
The attack was most likely made easier by the pandemic, with most engineers working remotely and accessing the company’s systems through remote desktop tools.
James Chappell of the digital risk protection company Digital Shadows said the group could have gained entry through compromised accounts for remote access tools such as TeamViewer or Microsoft Remote Desktop.
The attackers exfiltrated almost 100 GB of data and threatened to leak it. The FBI and other agencies cooperated with private companies to respond, and the cloud servers the attackers had used to stage the stolen data were reportedly taken offline.
What are the consequences?
Experts say that if the pipeline is not restored within the next few days, gas prices could rise and serious shortages could hit the eastern US. The restoration process could take far longer than expected.
On a wider scale, this incident shows that ransomware is a global threat capable of disrupting critical national infrastructure. It also highlights the weaknesses of US digital security: the government and the private sector are still recovering from the SolarWinds and Microsoft Exchange attacks.
This form of cyber extortion is getting increasingly dangerous. While working from home, employees should maintain a high level of digital security: use strong, unique passwords, enable multi-factor authentication on remote access accounts, and use a VPN to encrypt traffic over untrusted networks.