Details of the industry-hobbling Colonial Pipeline cyberattack are starting to emerge. Reuters and Bloomberg say the hack was likely the work of a cybercriminal group, and that the ransomware gang DarkSide appears to be the primary suspect. Bloomberg claims DarkSide stole almost 100GB of data in two hours on May 6th as part of a "double-extortion scheme" where intruders threatened to both leak company data and lock Colonial out of its information.
It's not certain if Colonial agreed to pay a ransom. The oil and gas giant reportedly asked FireEye's Mandiant forensics team to help investigate the breach.
The attack was important enough to get the US government's involvement, regardless of who was responsible. Officials were scrambling to help Colonial restore its fuel supply business, while Reuters understood that a government investigation was in the "early stages." President Biden received a briefing on May 8th.
If DarkSide or a similar group is involved, this would represent one of the most impactful ransomware campaigns to date. Hackers have targeted city governments and other key infrastructure before, but Colonial's reach could lead to extensive problems if it can't recover quickly. The company provides nearly half of the East Coast's fuel supply, including at airports. A lengthy shutdown could restrict travel across the US and have a knock-on effect for the American economy at large.