Colonial Pipeline hackers stole data on Thursday - Bloomberg News
(Reuters) - The hackers who caused Colonial Pipeline to shut down on Friday began their cyberattack against the top U.S. fuel pipeline operator a day earlier and stole a large amount of data, Bloomberg News reported citing people familiar with the matter.
The attackers are part of a cybercrime group called DarkSide and took nearly 100 gigabytes of data out of Colonial's network in just two hours on Thursday, Bloomberg reported late Saturday, citing two people involved in the company's investigation.
By Jordan Robertson and William Turton
Attackers stole nearly 100GB of data in two hours on Thursday
Theft followed by locking of computers and ransom demand
Cyber-Attack Shuts Colonial Pipeline
The hackers who caused Colonial Pipeline to shut down the biggest U.S. gasoline pipeline on Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to people familiar with the matter.
The intruders, who are part of a cybercrime gang called DarkSide, took nearly 100 gigabytes of data out of the Alpharetta, Georgia-based company’s network in just two hours on Thursday, two people involved in Colonial’s investigation said.
The move was part of a double-extortion scheme that is one of the group’s hallmarks. Colonial was threatened that the stolen data would be leaked to the internet while the information that was encrypted by the hackers on computers inside the network would remain locked unless it paid a ransom, said the people, who asked not to be identified because the information isn’t public.
The company didn’t immediately respond to requests to comment on the investigation. It said earlier that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
The Colonial Pipeline route along the U.S. eastern seaboard.
Source: Colonial Pipeline
Colonial’s decision late Friday to shut down a pipeline that is the main source of gasoline, diesel and jet fuel for the East Coast, without saying when it would reopen, represents a dangerous new escalation in the fight against ransomware, which President Joe Biden’s administration has identified as a priority.
It’s not clear how much money the attackers demanded or whether Colonial has paid. Ransomware demands can range from several hundred dollars to millions of dollars in cryptocurrency. Many companies pay, often facilitated by their insurers.
AXA SA, one of Europe’s top insurance companies, said this week that it would break with that trend and stop offering policies in France that reimburse customers for payments made to ransomware hackers, which could be the first in the industry, the Associated Press reported.
Cyber-attacks have disrupted the operations of other energy assets in the U.S. in recent years. Last year, the Department of Homeland Security revealed that an attack brought down an unnamed natural gas compressor facility for two days. In April 2018, several natural gas pipeline operators had service interruptions because of the hack of a third-party provider whose technology enables electronic communications between the entities.
The theft of Colonial’s data, coupled with the detonation of ransomware on the company’s computers, highlights the leverage that hackers often have over their victims in these kinds of cases. The company said FireEye Inc.’s Mandiant digital forensics division is assisting with the investigation.
The White House said that Biden was briefed on the incident Saturday morning.
A series of major cyber-attacks in recent weeks also underscored the brazenness of the attackers and the challenges of tackling the problem of ransomware.
In a matter of days, attacks were revealed against the police department in Washington, D.C., where the hackers threatened to release information about police informants to criminal gangs; the Illinois Attorney General’s office, which had been warned about weak cybersecurity practices in a recent state audit; and San Diego-based Scripps Health, where medical procedures were canceled and emergency patients diverted to other hospitals.
May 8, 2021, 8