Colonial Pipeline CEO told the U.S. Senate that the massive ransomware attack that disrupted fuel shipments was caused by attackers stealing one password.
Colonial Pipeline CEO Joseph Blount told a U.S. Senate committee that the ransomware attack that disrupted fuel distribution to the majority of the eastern United States was caused by attackers stealing a single password that protected the enterprise’s VPN. “In the case of this particular legacy VPN, it only had single-factor authentication,” Blount informed the panel, convened this week in order to examine the attack and other similar threats to U.S. infrastructure.
The single password theft cost the company 75 bitcoins, or $5 million, which it paid to the ransomers believed to be DarkSide, a group that has since shuttered operations. Reuters reported that some senators on the panel suggested Colonial should have consulted with the government before deciding to pay the ransom, as paying ransomers is an act that goes against federal guidelines. Blount responded that he understood the decision to pay or not pay was a private matter to be handled within the company. Even though they received the ransom key, Blount said the company’s IT infrastructure was still in recovery mode. On Monday, the Justice Department announced it had recovered 60 of Colonial’s 75 bitcoins, though the value of the bitcoins has decreased.
Ransomware gangs target SonicWall devices
Researchers have noticed a ransomware trend developing this year – cybercrime groups are targeting SonicWall devices in order to breach corporate networks and deploy ransomware. According to
Support the originator by clicking the read the rest link below.
