The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, a person close to the investigation said Sunday.
Bloomberg say the hack was likely the work of a cybercriminal group, and that the ransomware gang DarkSide appears to be the primary suspect. Bloomberg claims DarkSide stole almost 100GB of data in two hours on May 6th as part of a “double-extortion scheme” where intruders threatened to both leak company data and lock Colonial out of its information.
It’s not certain if Colonial agreed to pay a ransom. The oil and gas giant reportedly asked FireEye’s Mandiant forensics team to help investigate the breach.
The shutdown, meanwhile, stretched into its third day, with the Biden administration saying an “all-hands-on-deck” effort is underway to restore operations and avoid disruptions in the fuel supply.
Experts said that gasoline prices are unlikely to be affected if the pipeline is back to normal in the next few days but that the incident the worst cyberattack to date on critical U.S. infrastructure should serve as a wake-up call to companies about the vulnerabilities they face.
If DarkSide or a similar group is involved, this would represent one of the most impactful ransomware campaigns to date. Hackers have targeted city governments and other key infrastructure before, but Colonial’s reach could lead to extensive problems if it can’t recover quickly. The company provides nearly half of the East Coast’s fuel supply, including at airports. A lengthy shutdown could restrict travel across the US and have a knock-on effect for the American economy at large.
