DarkSide Ransomware Used in Cyberattack on Colonial Pipeline
Note: We are reader supported and may earn a small commission when you click on links in posts
The US Federal Bureau of Investigations (FBI) has confirmed that DarkSide ransomware was used in the cyberattack on colonial pipeline Co. According to an FBI statement, the ransomware attack is the work of Russian cybercriminals.
“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation,” said the law enforcement agency in a statement on Monday.”
- Ransomware Shutsdown Largest US Pipeline: Saturday Sitrep
- Major US Gas Pipeline still offline due to cyberattack, Feds declare emergency
DarkSide ransomware attacked Colonial Pipeline’s IT network on Friday causing the pipeline operator to take systems offline which crippled its refined oil deliveries.
DarkSide is a gang of cyber criminals who attack companies in the U.S. and Europe.
Like many ransomware attackers, it appears that DarkSide’s motive was to make money rather than to damage US critical infrastructure.
According to Krebs on Security, post by DarkSide reads, “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives [sic],” reads the post on the DarkSide Leaks site. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
Ransomware is a genre of malicious computer coding. Cyber criminals use ransomware to attack and encrypt computers, IT networks, and all the devices attached to them. They hold the infected computers and the data on them data hostage until their ransom demands for money are paid.
Ransomware attacks against large corporations can cost the victim millions of dollars.
Need Security Training? Certifications at Your Own Pace
- IBM Cybersecurity Analyst Professional CertificateIntroduction to Cybersecurity Tools & Cyber Attacks by IBM
- Generative Adversarial Networks (GANs) Specialization from DeepLearning.AI
- Agile Leadership Specialization from the University of Colorado
- International Cyber Conflicts from the State University of New York (SUNY)
- IT Fundamentals for Cybersecurity Specialization by IBM
- Google Cloud Security Professional Certificate from Google Cloud
- Google Cloud Networking Professional Certificate from Google Cloud
- Introduction to Blockchain Specialization from Association of International Certified Professional Accountants
Remediation Time Still Unknown
It is still unknown when Colonial will be able to get its systems back online. The company has hired cyber security experts at FireEye to help with the remediation effort and forensic investigation.
Over the weekend, The US Federal Motor Carrier Safety Administration (FMCSA) issued an Emergency Declaration making it easier for truck transports to continue fuel deliveries while the pipeline remains disabled.
“The Federal Bureau of Investigation has determined Colonial’s network was infected by ransomware, and it’s a criminal act, obviously,” said US President Joe Biden.
Both the US Department of Energy and the FBI are working with Colonial Pipeline to get the pipeline operating again.
Colonial pipeline supplies refined fuel to 45% of the East Coast of the United States. The company operates 5,500 miles of pipeline which delivers heating fuel, automobile gasoline, and jet fuel from the Gulf of Mexico – Texas to New York.