Colonial Pipeline, the management company of the largest fuel pipeline in the US, was forced to shut down after allegedly being attacked by ransomware. The Colonial Pipeline transports 2.5 million barrels of gasoline and other fuels a day from Gulf Coast refineries to customers in the eastern and southern United States, and serves some of the largest U.S. airports, including Atlanta's Hartsfield-Jackson Airport, which is considered the airport with the highest passenger traffic in the world.
According to CNBC, Colonial Pipeline suffered a ransomware attack on 7 May, which forced it to shut down its entire network to prevent the malware from spreading. The shutdown raised strong concerns about a possible increase in commercial gasoline prices.
On 8 May, Colonial Pipeline issued a statement confirming the security incident and saying it was temporarily shutting down its pipeline as it tried to mitigate and counter the attack. Specifically, the company stated the following:
"On May 7, the Colonial Pipeline discovered that it had been the victim of a cyber attack. In an effort to respond, we have proactively deployed some offline systems to mitigate the threat, which has temporarily disrupted all pipeline operations and affected some of our IT systems. As soon as it learned of the incident, a leading cybersecurity company decided to help investigate the case and has already launched an investigation into the nature and extent of the incident, which is ongoing."
A US official told The Washington Post that the DarkSide ransomware gang is believed to be behind this attack. The DarkSide ransomware "business" started operating in mid-August 2020.
Like other ransomware gangs that target businesses, once DarkSide gains access to a corporate network it spreads "silently" to other devices while collecting credentials and stealing unencrypted files and documents. Once it has access to Windows domain credentials, it deploys ransomware across the network to encrypt devices.
If the DarkSide gang is really behind this attack, the attackers most likely stole data, which they would later use to blackmail Colonial Pipeline into paying a ransom.
Past DarkSide attacks have hit high-profile targets, including CompuCom, Discount Car and Truck Rentals, Brookfield Residential and Brazil's Companhia Paranaense de Energia (Copel).