Colonial Pipeline Latest Victim of Stepped-up Ransomware Attacks
Colonial Pipeline, which operates the United States’ largest fuel pipeline was shut down for days due to a cyberattack committed by a Russian hacker gang known as DarkSide. There have been gasoline shortages and spikes in the price of gas.
The company released a statement on its website: "Colonial Pipeline initiated the restart of pipeline operations today at approximately 5 p.m. ET. Following this restart, it will take several days for the product delivery supply chain to return to normal."
This is not America’s first run-in with DarkSide. DarkSide has been terrorizing American companies for years, where they hack into private companies and hold sensitive information hostage or threaten to release sensitive information unless they are paid a ransom. Other gangs like this have attacked schools, hospitals, and departments within the past few months. There have already been 100 attacks like this against American companies in 2021 alone.
DarkSide released the following statement on its blog following the incident: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,” misspelling "government." While the meaning is not quite clear, it could be seen as them realizing that they crossed a line. DarkSide has a list of organizations that they will not attack, which includes funeral services, education, non-profit organizations, the government sector, and the medical field, especially those parts that are helping with the COVID-19 pandemic.
Even though Colonial Pipeline originally said that they would not pay a ransom, it was found out that they paid DarkSide almost $5 million in ransom in cryptocurrency hours after the attack. After paying the ransom, DarkSide gave Colonial Pipeline the decrypting tool, but it was so slow that that Colonial Pipeline still used their backups when restoring their system.
DarkSide works in the process of double extortion which makes the victim pay two separate ransoms: one is paid to unlock any servers or files and the other one is paid with the promise that DarkSide will destroy any information that it stole from the victim.
DarkSide’s admin has written the following under the “Why choose us?” heading: “High trust level of our targets. They pay us and know that they’re going to receive decryption tools. They also know that we download data. A lot of data. That’s why the percent of our victims who pay the ransom is so high and it takes so little time to negotiate.”
DarkSide is also willing to sell information about victims before it is released on its company-shaming blog so that investment scammers can decrease the value of the company’s stock. “Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges,” DarkSide explains. “If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares. Write to us in ‘Contact Us’ and we will provide you with detailed information.”
When it comes to companies with a lot of money, DarkSide can be heartless, but they can be negotiated with. For example, there was a $30 billion company that had a $30 million ransom back in January 2021, and the company was able to have its ransom reduced by about two-thirds.
These attacks are going to keep happening and start happening more unless something is done to stop them. According to a report released last year from Coveware, “the average ransomware payment in the third quarter of 2020 was $233,817, up 31 percent from the second quarter of last year. Security firm Emsisoft found that almost 2,400 U.S.-based governments, healthcare facilities and schools were victims of ransomware in 2020.”
Colonial Pipeline was back up and running five days after the attack. These attacks will continue to happen and will increase in occurrence unless something is done to stop them.
