Major ransomware attack cripples largest gas pipeline in the US

A massive ransomware attack on Colonial Pipeline, one of the largest gas pipelines in the US, forced the company to shut the pipeline down on Friday. The FBI, the Energy Department, and the White House are all actively addressing the issue and assessing the damage after Colonial Pipeline announced Friday that it had shut down 5,500 miles of pipeline along the East Coast.


The company, which is responsible for transporting 45 percent of the fuel used on the East Coast, said its corporate computer networks had been breached, with ransomware attackers holding data hostage.


Colonial has reportedly hired a cybersecurity firm, FireEye, whose incident response division is said to be assisting with the investigation. 




Analysis of the ransomware concluded that it is a new strain known as DarkSide, whose operators recently switched to an affiliate program, in March 2021.


The program aims to recruit threat actors who spread the malware by breaching victims' corporate networks, while the core developers maintain the malware and the payment infrastructure.


DarkSide, which commenced operations in August 2020, has published stolen data from more than 40 victims to date. It’s not immediately clear how much money the attackers demanded or whether Colonial Pipeline has paid. A separate major ransomware attack cripples largest pipeline