Pipeline Restarts Operations Amidst Ransomware Attack
Colonial Pipeline Co. announced a ransomware attack on their IT systems last Wednesday that resulted in the company shutting down operations to contain the spread of the malware. This disrupted the transport and distribution of fuel and heating oil from the largest U.S. pipeline to the East Coast and Southern states.
While it was uncertain whether or not the company would be able to resume operating this week, Colonial Pipeline is working to decrypt their data files and continue their work, after paying a $5 million ransom to the hacker group.
The Point of Ransomware
Ransomware is a form of malware that encrypts an entity’s files/data, demanding a ransom in exchange for a decryption tool or the promise that no sensitive data will be released. In a recent ransomware incident involving a mental healthcare network in Finland, cybercriminals threatened to release not only patient identifiers, but also notes from individuals’ psychotherapy sessions. The attackers made good on their promise and released the information to the public, resulting in the end of the Finnish company. In the case of Colonial Pipeline, the attackers demanded a ransom in exchange for a decryption tool.
Ransomware and Big Business
Most large companies do not publicly disclose ransomware incidents unless they cause disruptions in service or otherwise impact consumers (e.g. data leaks). Colonial Pipeline was among those companies that could not deal with the attack quietly, as the provider of 45% of the East Coast’s fuel and oil.
While the company initially stated that it had “no intention of paying an extortion fee,” as the FBI strongly advises against paying ransoms, it has been confirmed that Colonial Pipeline paid the $5 million ransom to what is believed to be the Eastern European hacker group DarkSide.
DarkSide: Not Your Everyday Hacker Group
The cybercriminals that call themselves DarkSide claim to be apolitical with no intention to harm or negatively impact society. They “just want money.” Interactions with the group are similar to what one would experience dealing with a customer service representative. They operate within their own policies and rules and keep true to their promises as they have “a reputation to uphold.” The group seems to aim for having the appearance of “civil thieves” with a code of ethics.
DarkSide has also provided documentation of donations to charity made from their ill-gotten gains; however, once the money was confirmed to be associated with the hacker group, the charities could no longer accept it.
Colonial Pipeline’s Recovery Timeline
By crippling Colonial Pipeline’s operations, the attackers cornered the $15 billion company into paying them the $5 million. However, they also garnered what could be rather unwelcome attention from the rest of the world, seemingly overnight. The U.S. government is now looking harder into the ransomware-for-hire group and, depending on the group’s own resources and network, it could be the beginning of the end for DarkSide.
The decryption tool they provided is working, but slowly. Colonial does not yet know when it will be back to full functionality, but with the ransom paid and with DarkSide’s track record of leaving companies alone after receiving payment, it may be safe to predict that things will operate as usual once the decryption process is complete, along with a stronger security presence in their IT departments.