Nitten Gokhaley

Colonial Pipeline Cyberattack Investigation Updates And Key Takeaways

Updated: Jul 16

Fuel delivery on the US East Coast was significantly disrupted between May 7 and May 12, 2021. Colonial Pipeline Company, which operates roughly 5,500 miles of pipeline, had its corporate IT systems compromised by the DarkSide ransomware gang and shut down pipeline operations as a precaution while it contained the attack. Reports suggest the company paid close to $5 million in bitcoin (75 BTC) in ransom.

Let's take a detailed look at certain aspects surrounding the case:

  • Two known versions of the DarkSide ransomware

  • Action by US law enforcement has forced DarkSide to shut down

  • Six other prominent organizations hit by ransomware in 2021

  • Simple steps that help protect your network

DarkSide and the Colonial Pipeline ransomware

DarkSide is widely believed to operate out of Russia and has stayed in the headlines since it first appeared in August 2020. DarkSide v1.0 and DarkSide v2.1 are the known versions of its ransomware identified in attacks worldwide. The group runs a Ransomware-as-a-Service (RaaS) model: affiliates carry out the intrusions and deploy the ransomware, and pay DarkSide a share of each ransom (in cryptocurrency).

Has the FBI recovered the Colonial Pipeline ransom?

London-based blockchain analytics company Elliptic told CNBC on May 14 that it had identified the bitcoin wallet DarkSide used to collect the Colonial Pipeline payment. Elliptic's analysis also traced ransom payments to DarkSide from 47 victims over the preceding nine months.

Elliptic co-founder and chief scientist Tom Robinson believes DarkSide was forced to shut down by action from US law enforcement: the group said it had lost access to its servers and to a bitcoin wallet holding about $5.3 million in digital currency. On June 7, the US Department of Justice announced that the FBI had seized 63.7 BTC (about $2.3 million at the time) of the Colonial Pipeline ransom after obtaining the private key to the wallet that held it.

The number of ransomware attacks worldwide roughly doubled in Q1 2021 compared with 2020. In response, the US Justice Department formed a dedicated ransomware task force, and a public-private Ransomware Task Force convened by the Institute for Security and Technology published a report with 48 policy recommendations. The Transportation Security Administration also issued a security directive requiring pipeline operators to report cybersecurity incidents to CISA, designate a cybersecurity coordinator and review their current practices.

Besides Colonial Pipeline, which other prominent organizations were hit by ransomware in the first half of 2021?

  • Harris Federation (UK academy trust)

  • CNA Financial (cyber insurer)

  • Acer (computer maker)

  • Sierra Wireless (IoT device specialist)

  • Quanta Computer (Apple contract manufacturer)

  • City of Tulsa (Oklahoma), including its police and fire departments

Which are the top sectors that face ransomware attacks?

  • Healthcare

  • Government/Military

  • Insurance/Banking and Finance

  • Software vendors

How to protect your network from ransomware?

  • Adopting a cybersecurity framework (for example the NIST Cybersecurity Framework) and measuring your program against it

  • Creating an incident response plan and rehearsing it before you need it

  • Running employee awareness programs focused on phishing, spear phishing and watering-hole attacks

  • Keeping backups of computer and smartphone data off-site (cloud or offline), with at least one copy that the backup host itself cannot modify or delete, and testing restores regularly; a backup the ransomware can reach is just another file to encrypt

  • Requiring multi-factor authentication on all remote-access accounts such as VPNs, and disabling accounts that are no longer used (the Colonial Pipeline intrusion began with a compromised password for a legacy VPN account that had no MFA)

  • Deploying anti-ransomware and endpoint detection and response tooling
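The backup point above is the one most often done wrong: the backup exists, but nobody can tell whether it was silently encrypted or had a ransom note dropped into it until the restore fails. The script below is an added example (not code from the original article or from any vendor mentioned in it) of the simplest control that catches this: record a SHA-256 manifest of the backup at write time, store the manifest where the backup host cannot write, and compare on a schedule. The file names, contents and the simulated attack are constructed for the demonstration; it uses only the Python standard library.

```python
"""Backup integrity manifest: detect backup files that were altered after they
were written, e.g. overwritten with ciphertext by ransomware, plus files that
went missing or appeared unexpectedly (such as a dropped ransom note).
Added example, not from the original article; standard library only."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def build_manifest(backup_dir: Path) -> dict:
    """Return {relative_posix_path: sha256_hex} for every regular file under backup_dir."""
    manifest = {}
    for path in sorted(backup_dir.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(backup_dir).as_posix()] = digest
    return manifest


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the directory on disk against a previously recorded manifest.

    Returns three sorted lists:
      modified   - present in both, but the hash differs (content was rewritten)
      missing    - in the manifest, no longer on disk (deleted)
      unexpected - on disk, not in the manifest (e.g. README_DECRYPT.txt)
    """
    current = build_manifest(backup_dir)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: write a small backup set, record its manifest, then
    simulate ransomware overwriting one file and dropping a ransom note."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "customers.sql").write_bytes(b"CREATE TABLE customers (id INT);\n")
        (backup / "config.yaml").write_bytes(b"retention_days: 30\n")

        # The manifest is taken at backup time. In practice it is shipped to a
        # location the backup host has no write access to (another account,
        # object-lock bucket, printed hash, ...); otherwise an attacker with
        # control of the host simply regenerates it after encrypting the files.
        manifest_json = json.dumps(build_manifest(backup))

        # Simulated attack: one file replaced with random bytes (ciphertext),
        # one ransom note dropped next to the data.
        (backup / "db" / "customers.sql").write_bytes(os.urandom(64))
        (backup / "README_DECRYPT.txt").write_bytes(b"your files are encrypted\n")

        return verify_backup(backup, json.loads(manifest_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script reports `db/customers.sql` as modified and `README_DECRYPT.txt` as unexpected while `config.yaml` passes. The check is only as good as the manifest's storage: if the manifest lives on the same host and is rewritten by the same backup job, an attacker who encrypts the data can also rewrite the hashes, which is why the "immutable copy" caveat in the list above matters.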