US oil pipeline taken down by ransomware attack

The largest fuel pipeline in the United States has suffered a ransomware attack whose consequences were felt even in the physical world. 

According to the BBC, security experts at Cybereason believe the group behind the attack on the Colonial Pipeline is called DarkSide. The company presumes the group bought access to remote desktop software, such as TeamViewer or Microsoft Remote Desktop, and then used those credentials to try to access the company network. They used Shodan to find accessible devices.

Once inside, they managed to install ransomware, locking employees out of many computers and network devices, and stole 100GB of data in the process.

We don’t know how much money DarkSide demanded in exchange for the decryption key and for not publishing the stolen data online. We also don’t know whether the Colonial Pipeline agreed to pay the ransom. What we do know is that law enforcement has been notified and that the investigation is ongoing.

We also know that the prices of fuel are likely to go up to three percent today as a result of the attack, and that it is possible for even New York to feel the effects. At the moment, Atlanta and Tennessee are the first two expected to be impacted.

The BBC also reported that the US government issued urgent legislation over the weekend, allowing trucks to transport more gasoline and other derivatives than usual.

Since the attack, the services have been partially restored.