Major US fuel pipeline taken down by ransomware attack

Attack could see fuel prices soar if it isn’t resolved soon

A major ransomware attack has severely impacted fuel deliveries across the US East Coast by shutting down one of the country’s largest pipelines.

The Colonial Pipeline was knocked completely offline late last week, reportedly by the DarkSide ransomware group. Experts say fuel prices are likely to rise 2-3% this week, with the impact set to be far worse if the pipeline isn’t restarted soon.

Cybersecurity experts from Cybereason have been tracking the DarkSide ransomware gang since it first appeared in August 2020. According to their research, the group has recently released a new version of its ransomware that it claims has the fastest encryption speed, which gives victims little time to take action once their network is infected.

Double-extortion

Cybereason CEO Lior Div told TechRadar Pro that, like many other ransomware gangs, DarkSide uses a double-extortion scheme, in which they don’t just encrypt the victim’s data, but also exfiltrate it and threaten to make it public if the ransom demand is not paid.

In the Colonial Pipeline attack, the group reportedly took almost 100GB of data hostage, which they threatened to leak onto the internet if the ransom isn’t paid.

While it isn’t clear how much ransom DarkSide has demanded from Colonial, Cybereason says their demands usually range between $200,000 and $2,000,000. The group is known to follow through with its threats and has published stolen data from more than 40 victims on its website, which Cybereason estimates to be just a fraction of the overall number of victims.

Stefan Schachinger, Product Manager, Network Security, IoT, OT, ICS at Barracuda, believes that Colonial has been attacked through insecure remote access.

“Remote accesses are not insecure per definition but require proper security measures such as encryption and multifactor authentication. Organizations should also implement a layered defence strategy, with multiple technical hurdles that keep attackers and malicious software out,” he told TechRadar Pro.

The attack has put the spotlight on the threat to operational technology (OT) in civil infrastructure, amplified by the use of outdated or poorly protected software, as it is the latest in a string of recent cyber attacks on utilities.

A few months ago, an unsophisticated attacker managed to break into a water treatment utility in the city of Oldsmar, Florida, which was still running on outdated Windows 7 PCs.

“The SolarWinds and Microsoft Exchange email server attacks were unparalleled in their scope, successfully infiltrating and compromising virtually every US government agency and a wide array of medium and large private sector companies. The Colonial Pipeline attack reinforces the need to update legacy systems running today’s critical infrastructure networks,” Div added.

Via The Guardian

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
